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Executive  Summary 


At  the  start  of  the  21st  century,  there  are  many  more  highly  capable  foreign  intelligence  services  in  the 
world  than  ever  before,  and  we  are  only  just  beginning  to  understand  their  modern  potential  as  an  exten¬ 
sion  of  state  power.  The  functions  that  U.S.  counterintelligence  (Cl)  performs  in  the  face  of  these  changing 
intelligence  threats  have  well-established  tactical  objectives  and  processes,  but  their  potential  as  an  integral 
part  of  American  national  security  strategy  is  just  starting  to  emerge. 

The  work  of  clandestine  services,  engaged  in  intelligence  collection  and  other  activities,  is  an  arena  of 
international  competition  in  which  the  advantage  does  not  necessarily  go  to  the  rich  or  powerful.  Foreign 
adversaries  may  not  have  a  prayer  of  fielding  costly  and  technologically  demanding  technical  collection 
suites,  but  they  can  organize,  train,  equip,  sustain,  and  deploy  impressive  numbers  of  case  officers,  agents 
of  influence,  saboteurs,  and  spies,  and  the  United  States  has  become  the  single  most  important  collection 
target  in  the  world.  Intelligence  operations  against  the  United  States  are  now  more  diffuse,  aggressive, 
technologically  sophisticated,  and  potentially  more  successful  than  ever  before,  especially  within  America 
itself,  where  a  rich,  free  society  and  an  extensive  foreign  presence  provide  opportunity  and  cover  for  intel¬ 
ligence  services  and  their  agents. 

Instead  of  looking  at  the  strategic  implications  of  foreign  intelligence  operations,  we  have  largely 
adopted  a  case-by-case  approach  to  dealing  with  the  threat  they  represent.  By  concentrating  our  Cl 
resources  within  the  United  States  rather  than  engaging  foreign  intelligence  services  abroad,  we  have  ceded 
the  advantage  to  the  adversary.  Foreign  powers  have  seized  the  initiative  and  moved  their  operations  to 
U.S.  soil,  where  our  institutions  are  not  constituted  to  work  against  the  growing  foreign  intelligence  net¬ 
works  embedded  within  American  society. 

In  2005,  President  George  W.  Bush  approved  a  strategic  reorientation  of  the  U.S.  Cl  enterprise  to 
identify,  assess,  neutralize,  and  exploit  foreign  intelligence  threats  as  national  security  priorities  dictate. 
The  National  Counterintelligence  Strategy  directs  that  the  considerable  resources  of  the  members  of  the 
U.S.  Intelligence  Community  that  have  global  reach  be  prioritized  and  coordinated  in  order  to  degrade 
foreign  intelligence  services  and  their  ability  to  work  against  us,  starting  with  working  the  target  abroad. 
The  tradecraft  and  operations  of  counterintelligence  are  not  new.  What  are  new  are  the  policy  imperatives 
to  integrate  Cl  insights  into  national  security  planning,  to  engage  Cl  collection  and  operations  as  a  tool  to 
advance  national  security  objectives,  and,  at  the  strategic  level,  to  go  on  the  offensive. 

This  strategic  mission  is  a  new  role  for  U.S.  counterintelligence,  which  historically  has  consisted  of 
disparate  threat-driven  pragmatic  activities,  each  measured  on  their  own  terms  rather  than  by  their  contri¬ 
butions  to  a  larger  whole.  Without  an  overarching  national  Cl  mission  to  prioritize  threats  and  articulate 
goals  and  objectives,  and  lacking  a  national  leader  to  program,  conserve,  and  orchestrate  Cl  activities, 
the  operational  elements  of  the  Federal  Bureau  of  Investigation  (FBI),  Central  Intelligence  Agency  (CIA), 
and  military  Services  have  been  left  to  manage  their  work  product  to  serve  their  individual  ends,  creating 
inherent  seams  that  invite  foreign  exploitation.  Many  of  the  deficiencies  that  have  cost  us  so  dearly  have 
been  the  result  of  this  systemic  failure  in  the  architecture  of  U.S.  counterintelligence. 

In  the  wake  of  a  series  of  devastating  espionage  cases,  a  National  Security  Council-led  review  under 
President  Bill  Clinton  (who  signed  Presidential  Decision  Directive  75,  “U.S.  Counterintelligence  Effective¬ 
ness — Counterintelligence  for  the  21st  Century”)  and  the  U.S.  Congress  (which  passed  the  Counterintel¬ 
ligence  Enhancement  Act  of  2002)  judged  that  the  nature  and  extent  of  the  foreign  intelligence  threat 
required  a  strategic  response  and  a  national  mission  office  to  guide  its  execution.  The  National  Counter¬ 
intelligence  Executive  (NCIX)  was  established  by  law  to  ensure  the  integration  and  strategic  direction  of 
Cl  community  operations  and  resources.  Under  the  National  Counterintelligence  Strategy,  and  as  rec¬ 
ommended  by  the  Weapons  of  Mass  Destruction  (WMD)  Commission  report  issued  the  same  year,  the 
several  operational  agencies  have  been  asked  to  assume  new  responsibilities  to  execute  the  strategic  Cl 
mission.  These  include  a  cadre  within  the  new  National  Clandestine  Service  dedicated  to  executing  the 
strategic  Cl  mission  abroad,  and  a  more  systemic  and  strategically  driven  Cl  mission  at  home  under  the 
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FBI’s  newly  created  National  Security  Branch.  These  foundations  bring  the  strategic  approach  to  counter¬ 
intelligence  within  reach,  but  we  are  not  there  yet. 

Countering  foreign  intelligence  threats  to  the  United  States  is  a  compelling  national  security  mission, 
yet  the  history  of  U.S.  counterintelligence  suggests  that  fragmentation  and  lack  of  strategic  coherence  will 
always  be  the  norm — a  pattern  we  tolerate  at  our  peril.  If  U.S.  counterintelligence  is  to  assume  the  strategic 
mission  that  it  alone  can  perform,  there  are  three  core  imperatives  for  change. 

First,  housing  the  NCIX  under  a  strong  Director  of  National  Intelligence  (DNI)  should  have  been 
a  boon  to  the  national  Cl  mission;  instead,  the  DNI  bureaucracy  has  become  part  of  the  problem  as  Cl 
responsibilities  have  been  dispersed  across  the  DNI  organization.  As  the  WMD  Commission  recom¬ 
mended,  the  NCIX  office  should  be  revalidated  and  empowered  to  perform  the  mission  that  it  has  been 
assigned.  In  particular,  the  Director  of  National  Intelligence  could  delegate  his  directive  authority  over  Cl 
budget,  analysis,  collection,  and  other  operations  to  the  NCIX,  which  would  go  a  long  way  toward  empow¬ 
ering  the  national  Cl  mission  with  the  authorities  and  resources  it  must  have  to  succeed. 

Second,  program  and  budgeting  authorities  for  Cl  activities  remain  divided  among  the  departments 
and  agencies,  and  without  the  power  of  a  common  purse,  the  mission  of  integrating  and  redirecting  U.S. 
counterintelligence  to  achieve  strategic  cohesion  may  well  be  impossible.  Under  the  old  business  model, 
we  are  getting  about  the  best  we  could  expect  out  of  our  Cl  programs.  For  the  future,  avoiding  strategic  Cl 
failure  will  require  more  than  simply  doing  more  of  the  same.  While  tactical  execution  must  remain  with 
the  responsible  agencies,  coherence  should  be  brought  to  the  Cl  enterprise  through  a  national  program  for 
Cl  activities  that  is  strategic,  coordinated,  and  comprehensive  as  to  threat. 

Finally,  the  greatest  single  void  at  present  arises  from  the  compartmentation  of  information  such 
that  no  single  entity  has  a  complete  picture  to  provide  warning  of  possible  foreign  intelligence  successes, 
to  support  operations,  or  to  formulate  policy  options  for  the  President  and  his  national  security  leaders. 
While  bilateral  interaction  between  the  five  operational  agencies  of  the  FBI,  CIA,  and  the  military  Services 
has  increased  in  recent  years  and  especially  in  the  wake  of  September  11,  those  contacts  taken  together  do 
not  equal  a  cohesive,  integrated  whole.  We  do  not  need  new  bureaucratic  structures  that  take  people  away 
from  the  field,  but  an  elite  national  Cl  strategic  operations  center,  manned  and  empowered  by  the  constitu¬ 
ent  members  of  the  Cl  community,  should  be  established  to  integrate  and  orchestrate  the  disparate  opera¬ 
tional  and  analytic  activities  across  the  Cl  community  to  strategic  effect. 

Introduction 

“Scholarship  and  the  Real  World  of  the  Policymaker”  sometimes  have  little  in  common.  In  his  1971 
article  of  that  name,  the  journalist  and  scholar  Charles  Burton  Marshall  talked  about  his  undergraduate 
years  as  an  international  relations  major  in  the  immediate  aftermath  of  the  Great  War.  In  his  experience, 
the  coursework  did  precious  little  to  prepare  the  student  for  the  world  events  that  were  to  unfold  in  the 
1930s  and  1940s;  rather,  it  centered  on  legal  and  institutional  readings  “full  of  thoughts  fathered  by  wishes” 
that  “were  mostly  misleading.”  In  particular,  his  college  studies 

gave  no  hint  of  the  practices  of  espionage,  the  role  of  intelligence  gathering  and  analysis,  or  the  play  of 

propaganda.  States’  propensities  for  leading  double  lives — having  at  once  forensic  and  efficient  policies, 

one  sort  for  display,  the  other  to  be  pursued — were  sloughed  over.1 

Over  40  years  have  passed,  and  intelligence  studies  are  now  a  part  of  most  serious  international  rela¬ 
tions  departments  and  are  integrated  into  the  curriculum  at  our  nations  war  colleges.  But  the  role  of  coun¬ 
terintelligence  remains  little  known  or  understood  among  scholars  or  practitioners  of  national  security 
studies  and  policymaking.2  In  fact,  counterintelligence  concerns  itself  with  all  of  the  things  “sloughed  over” 
in  Marshall’s  critique.  The  student  of  today  who  ignores  this  dimension  of  power  politics  will  be  even  less 
prepared  for  the  real  world  than  were  Marshall’s  contemporaries.  And  the  national  security  decisionmaker 
who  neglects  the  threats  and  opportunities  presented  by  foreign  intelligence  activities  will  be  rendering  the 
Nation  less  prepared  for  their  consequences. 
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In  an  effort  to  help  fill  this  void,  this  paper  offers  a  twofold  contribution  to  national  security  studies 
and  advocates  some  long-overdue  changes  for  U.S.  counterintelligence  as  well.  First,  it  discusses  the  value 
of  counterintelligence  (Cl)  as  a  tool  of  national  security  and  defense  strategy,  which  properly  considers 
the  adversary’s  use  of  intelligence  to  achieve  advantage  and  the  means  necessary  to  deny  that  advan¬ 
tage — the  mission  of  CI.  Second,  it  sets  forth  the  elements  of  a  strategic  approach  to  guide  U.S.  counter¬ 
intelligence  and  offers  some  policy  prescriptions  to  enable  the  execution  of  a  strategically  driven  national 
CI  mission. 

While  these  objectives  may  seem  quite  ordinary,  my  experience  has  been  that  counterintelligence 
is  little  understood  by  the  national  security  strategist,  and  strategy  is  little  understood  by  the  CI  profes¬ 
sional — to  the  detriment  of  both  pursuits.  During  my  time  in  office  as  head  of  U.S.  counterintelligence  as 
well  as  in  this  paper,  I  have  endeavored  to  align  the  two  more  closely,  both  conceptually  and  in  practice.  I 
especially  encourage  students  of  defense  and  strategic  studies  to  pay  due  attention  to  the  CI  discipline.  The 
Nation  would  benefit  from  the  contributions  of  scholars  and  policymakers  alike  who  understand  the  his¬ 
tory,  scope,  practice,  and  possibilities  of  counterintelligence. 

Counterintelligence  as  a  Tool  of  National  Security 

In  the  face  of  changing  foreign  intelligence  threats,  the  several  functions  counterintelligence  per¬ 
forms  have  well-established  tactical  objectives  and  processes,  but  their  potential  as  an  integral  part  of  U.S. 
national  security  strategy  is  only  just  beginning  to  emerge. 

When  successful,  counterintelligence  contributes  directly  to  national  security  by  serving  both  as  a 
shield  (guarding  against  penetrations  of  our  government  and  informing  security  and  other  defensive  mea¬ 
sures)  and  a  sword  (conducting  offensive  CI  operations  to  shape  foreign  perceptions  and  degrade  foreign 
intelligence  capabilities)  against  threats  to  our  nations  security. 

Counterintelligence  can  also  contribute  indirectly  to  U.S.  policymaking  by  opening  a  unique  win¬ 
dow  into  the  plans,  intentions,  and  capabilities  of  foreign  powers  who  direct  their  intelligence  operations 
against  the  United  States  or  its  interests.  This  window  into  the  “double  lives”  of  states  of  which  Marshall 
wrote  is  a  less  familiar  dimension  of  CI  work,  one  that  national  security  decisionmakers  and  scholars  alike 
have  largely  neglected.  The  positive  intelligence  that  counterintelligence  may  supply — that  is,  how  and 
to  what  ends  governments  use  the  precious  resources  that  their  intelligence  services  represent — can  help 
inform  the  underlying  American  foreign  and  defense  policy  debate,  but  only  if  our  policy  leadership  is 
alert  enough  to  appreciate  the  value  of  such  insights. 

Foreign  Intelligence  Operations:  The  IMew Threat  Environment 

The  proliferation  of  foreign  intelligence  capabilities  and  actors  in  the  post-Cold  War  world  has  cre¬ 
ated  a  complicated  threat  environment,  with  implications  for  U.S.  national  security  interests  at  home  and 
abroad  that  have  yet  to  be  fully  realized. 

Although  espionage  is  often  called  the  world’s  second  oldest  profession,  the  formally  constituted 
external  intelligence  service  is  a  20th- century  phenomenon.3  The  first  American  external  intelligence  ser¬ 
vice,  the  Office  of  Strategic  Services  (OSS),  was  born  of  necessity  and  with  British  assistance  in  World  War 
II.  President  Harry  Truman’s  decision  to  disband  the  OSS  after  the  war  was  followed  by  extensive  debate 
over  whether  the  United  States  needed  an  external  intelligence  capability  in  peacetime,  an  argument  that 
was  finally  resolved  with  the  passage  of  the  National  Security  Act  of  1947  and  the  creation  of  the  Central 
Intelligence  Agency.4  In  rapid  succession  over  the  decades  since,  most  of  the  world’s  governments  have 
developed  some  kind  of  standing  external  intelligence  service. 

The  overwhelming  intelligence  threat  posed  by  the  former  Soviet  Union  and  the  Warsaw  Pact  was  the 
defining  concern  of  U.S.  counterintelligence  during  the  Cold  War.  While  the  Soviet  Union  has  dissolved, 
its  sophisticated  intelligence  apparatus  remains  very  much  in  business.  But  it  is  far  from  alone.  At  the  start 
of  the  2 1st  century,  there  are  more  highly  capable  foreign  intelligence  services  in  the  world  than  ever  before, 
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ones  that  are  organized,  trained,  equipped,  and  deployed  directly  against  the  United  States  and  its  interests. 
And  we  are  only  just  beginning  to  understand  their  modern  potential  as  an  extension  of  state  power. 

Today’s  chief  intelligence  adversaries  are  disparate  in  their  structures,  diverse  in  their  operations, 
working  within  society  more  than  under  embassy  cover,  and  learning  from  one  another.  Unlike  U.S. 
intelligence,  which  is  highly  reliant  on  national  technical  means  of  collection  such  as  signals  intelligence 
(SIGINT)  and  imagery  satellites,  most  of  the  world’s  governments  have  turned  to  human  collectors  to 
serve  as  their  principal  (sometimes  exclusive)  eyes  and  ears.  At  the  same  time,  the  information  revolution 
has  opened  new  avenues  for  intelligence  collection  through  computer  network  attack  and  other  means, 
which  (especially  when  enabled  by  human  access  agents)  can  provide  potentially  high  payoff  at  relatively 
low  cost. 

As  foreign  intelligence  activities  have  grown,  the  United  States  has  become  the  foremost  collection 
target  in  the  world.  U.S.  plans,  intentions,  and  capabilities  are  the  single  most  valuable  information  com¬ 
modity  for  other  governments  and  nonstate  actors,  as  they  chart  their  own  paths  for  peace,  progress,  profit, 
or  conflict.  One  need  not  necessarily  agree  with  the  thesis  advanced  by  Thomas  Powers5  and  others  that  we 
are  in  a  midst  of  a  long- duration  intelligence  war  to  see  the  value  of  understanding  and  protecting  against 
the  intelligence  operations  of  enemies,  competitors,  and  even  friends. 

In  recent  history,  the  United  States  has  sustained  stunning  losses  to  foreign  intelligence  services, 
which  used  espionage  and  other  means  to  penetrate  almost  every  one  of  the  most  secret,  highly  guarded 
institutions  of  our  national  security  apparatus.  Any  one  of  these  major  compromises  could  have  had  devas¬ 
tating  consequences  in  war,  but  thankfully  the  Cold  War  ended,  as  President  Ronald  Reagan  said,  without 
either  side  firing  a  shot.  Now  our  nation  is  at  war,  engaged  in  a  conflict  different  in  kind  and  scope  than 
any  in  our  past.  Because  we  are  at  war,  the  potential  consequences  of  intelligence  and  other  critical  infor¬ 
mation  compromises  are  more  immediate,  jeopardizing  U.S.  operations,  deployed  forces,  and  citizenry. 

While  the  immediacy  of  the  threat  from  Islamic  extremist  violence  is  properly  in  the  foreground  of 
U.S.  national  security  concerns,  there  remain  other  enduring  and  persistent  dangers  from  tyrants  armed 
with  destructive  weaponry  and  aggressive  ambitions,  and  greater  powers  whose  larger  strategic  aims  we 
ignore  at  our  peril.  With  U.S.  forces  in  Afghanistan  and  Iraq,  and  American  intelligence  and  special  opera¬ 
tions  teams  pursuing  al  Qaeda  networks  worldwide,  traditional  adversaries  of  the  United  States,  as  well  as 
some  new  ones,  see  a  window  of  opportunity,  and  they  are  seizing  it. 

Today,  most  of  the  world’s  governments  and  some  35  suspected  terrorist  organizations  target  the 
United  States  or  its  interests  for  intelligence  collection  principally  through  human  espionage.  Specifically, 
foreign  adversaries  use  their  intelligence  capabilities  to: 

■  penetrate,  collect,  and  compromise  U.S.  national  security  secrets  (information,  plans,  technology, 
activities,  operations,  and  so  forth)  in  order  to  advance  their  interests  and  defeat  U.S.  objectives 

■  manipulate  and  distort  the  picture  of  reality  upon  which  U.S.  policymakers  plan  and  execute 
national  security  strategies,  technology  developments,  and  economic  well-being,  including  cor¬ 
rupting  the  intelligence  we  gather  and  conducting  influence  operations  aimed  at  U.S.  decision- 
makers6 

■  disrupt  and  counter  secret  U.S.  national  security  operations  (such  as  covert  action,  special  opera¬ 
tions,  and  other  sensitive  military  and  diplomatic  activities) 

■  acquire  critical  U.S.  technologies  and  other  sensitive  proprietary  information  to  enhance  their 
military  capabilities  or  to  achieve  economic  advantage. 

The  use  of  intelligence  operations  by  weaker  powers  to  achieve  advantage  is  a  classic  asymmetric 
strategy,  a  fashionable  term  but  hardly  a  new  concept:  “Combatants  throughout  the  ages  have  continually 
sought  to  negate  or  avoid  the  strength  of  the  other,  while  applying  one’s  own  strength  against  another’s 
weakness.”7  For  the  United  States  and  other  democratic  countries,  our  relative  “weakness”  is  the  openness 
of  our  society  and  our  people.  The  opportunity  for  intelligence  officers  and  their  agents  to  move  about 
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freely,  develop  contacts,  and  operate  in  the  dark  is  no  more  lost  on  foreign  intelligence  adversaries  than  it 
was  on  the  19  hijackers  that  September  morning. 

Foreign  intelligence  operations  against  the  United  States  are  now  more  diffuse,  aggressive,  techno¬ 
logically  sophisticated,  and  potentially  more  successful  than  ever  before.  In  recent  years,  increasing  intel¬ 
ligence  operations  within  our  borders  have  been  facilitated  by  an  extensive  foreign  presence  that  provides 
cover  for  intelligence  services  and  their  agents.  Traditional  foes,  building  on  past  successes,  are  continu¬ 
ing  their  efforts  to  penetrate  the  U.S.  Government,  while  waves  of  computer  intrusions  into  sensitive  U.S. 
Government  information  systems  have  confounded  efforts  to  identify  their  source.  We  have  also  seen 
apparent  attempts  by  foreign  partners  to  exploit  cooperative  endeavors  against  terrorist  groups  to  learn 
essential  secrets  about  U.S.  intelligence  and  military  operations,  along  with  an  emerging  market  in  U.S. 
national  security  secrets,  which,  among  other  things,  enables  foreign  practices  of  deception  and  denial  to 
impair  U.S.  intelligence  collection.  And  perhaps  most  troubling,  growing  foreign  capabilities  to  conduct 
influence  and  other  covert  operations  threaten  to  undermine  U.S.  allies  and  national  security  interests. 

Foreign  powers  use  their  intelligence  services  to  seek  advantage,  and  as  their  objectives  diverge,  so 
do  the  purposes  to  which  their  intelligence  resources  are  put.  Yale  historian  Robin  Winks  reminds  us,  “As 
Lenin  observed,  every  intelligence  operation  has  a  political  object;  Cl  helps  to  find  what  that  objective 
is”8 — and,  where  appropriate,  provide  options  to  defeat  it. 

The  Functions  of  Counterintelligence 

As  an  integral  part  of  broader  U.S.  national  security  policy  and  strategy,  the  job  of  U.S.  counterintel¬ 
ligence  is  to  identify,  assess,  neutralize,  and  exploit  the  intelligence  activities  of  foreign  powers,  terrorist 
groups,  and  other  entities  who  seek  to  do  us  harm  (see  figure  1). 


Figure  1 .  Annotated  Definition  of  Counterintelligence 


Definition  of  Counterintelligence 


two  key  elements  of  Cl 


Counterintelligence  means  1.  information  gathered  and 
2.  activities  conducted  to  identify,  assess,  neutralize,  and 
exploit  the  intelligence  activities  and  capabilities  of 
foreign  powers,  terrorist  groups,  and  other  foreign  entities 
that  harm  U.S.  national  security 
Thes e  foreign  intelligence  activities  include  espionage, 
technical  collection,  sabotage,  influence  operations,  and 
manipulation  of,  or  interference  with  U.S.  defense  and 
intelligence  activities. 


elaborates  on  “activities  conducted” 
by  listing  the  daily  practice  of  Cl 


elaborates  on  the  worldwide  nature  of  the 
threat,  not  defined  by  the  water’s  edge 


KEY  DELIMITERS: 

1 )  the  focus  is  on  foreign  intelligence  activities, 
not  all  foreign  harmful  activities 

2)  the  focus  is  on  foreign  intelligence  activities, 
not  directly  on  U.S.  persons  and  security 
secrets 


1 )  elaborates  on  foreign  intelligence  activities  by 
listing  daily  practice;  prevents  narrowing  to 
only  one  Cl  element 

2)  broadens  to  include  technology,  influence 
operations,  and  denial  and  deception 


Source:  Office  of  the  National  Counterintelligence  Executive. 
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Identify.  The  first  job  of  counterintelligence  is  to  identify  the  foreign  intelligence  activities  directed 
against  the  United  States  and  its  interests.  In  its  most  obvious  application,  this  threat  data  informs  protec¬ 
tive  security  measures  (personnel  screening,  information  handling,  computer  security,  physical  security) 
and  the  dynamic  operational  security  needs  of  intelligence  collection,  military  activities,  and  other  sensitive 
national  security  operations.9  As  with  any  difficult  collection  target,  the  identification  of  foreign  intelligence 
threats  is  an  iterative  process  of  honing  collection  requirements,  engaging  creative  collection  strategies  and 
techniques,  and  refining  analytic  understanding  through  the  demanding  standards  of  intelligence  analysis. 

But  Cl  analysis  also  has  a  specialized  and  enormously  difficult  second  track:  the  identification  and 
analysis  of  “anomalies”  that  may  warn  of  foreign  intelligence  successes  against  us.  This  is  a  unique  analytic 
task  that  takes  into  account  not  only  what  is  collected  about  the  foreign  intelligence  capabilities  but  also 
the  forensic  evidence  of  their  work. 

These  Cl  analysts  are  the  ones  who  zero  in  on  the  things  that  Yogi  Berra  deemed  “too  coincidental  to 
be  a  coincidence.”  A  jumble  of  many  data  points — a  previously  active  communications  channel  gone  dark 
to  U.S.  SIGINT,  a  series  of  human  intelligence  (HUMINT)  reports  all  conveying  the  same  message,  sources 
compromised  in  an  unknown  or  suspicious  manner,  incident  reports  of  intrusions  into  secure  government 
spaces  or  information  systems — may  present  a  larger  picture  if  they  can  be  collected,  lifted  above  the  noise, 
and  correlated  with  other  intelligence  about  adversary  activities  and  capabilities.  Such  forensic  Cl  analysis 
can  help  discover  and  connect  the  seemingly  disconnected,  discern  patterns  of  activity  and  behavior  here¬ 
tofore  unobserved,  and  in  so  doing  reveal  the  hand  of  foreign  intelligence  operations. 

Visibility  into  foreign  intelligence  operations  globally  can  contribute  to  strategic  warning  as  well.10 
Warning  is  a  highly  specialized  (and  generally  not  well  understood)  process,  which  is  both  a  unique  intel¬ 
ligence  function  and  a  distinct  element  of  national  security  decisionmaking.  Its  essence  is  the  “timely 
analytic  perception  and  effective  communication  to  policy  officials  of  important  changes  in  the  level  or 
character  of  threats  to  national  security  interests  that  require  reevaluation  of  U.S.  readiness  to  deter  or  limit 
damage.  The  goal  is  to  prevent  strategic  surprise.”11  As  described  by  the  House  Permanent  Select  Commit¬ 
tee  on  Intelligence: 

Warning  occupies  a  central  and  a  unique  role  in  U.S.  national  security  planning  as  well  as  in  the  intel¬ 
ligence  community.  A  timely  warning  provides  the  opportunity  for  policy  makers  to  engage  early  in 
threat  management,  thereby  possibly  deterring  or  defusing  a  crisis  and  reducing  the  political  as  well  as 
the  economic  cost  to  the  nation.  Even  late  in  the  crisis,  accurate  warning  can  assist  the  decision  maker  in 
effectively  utilizing  national  security  resources,  thus  favorably  altering  the  outcome.12 

As  part  of  a  warning  template,  the  activities  of  foreign  intelligence  services  may  number  among  the 
most  useful  early  indicators  of  changes  in  threat  conditions.  Intelligence  activities  are  classic  precursors  to 
attack.  When  the  warning  community  was  concerned  about  an  attack  on  the  North  Atlantic  Treaty  Orga¬ 
nization  (NATO)  through  the  Fulda  Gap,  U.S.  intelligence  kept  watch  for  missile  and  aircraft  readiness 
stages  and  forward  movements  of  armor  and  personnel.  Warning  of  attack  in  the  current  threat  environ¬ 
ment  is  more  subtle,  but  intelligence  preparation  is  a  necessary  precondition  even  for  terrorist  attacks.  As 
the  Defense  Science  Board  pointed  out  in  October  2001,  “No  observation  is  more  important  in  countering 
terrorism  than  to  understand  that  would-be  perpetrators,  to  succeed,  must  participate  in  the  gathering  and 
application  of  intelligence.”13 

Similarly,  the  presence  of  foreign  intelligence  personnel  or  operations  in  a  third  country  may  reflect 
an  expectation  of  a  new  collection  opportunity  or,  when  correlated  with  other  events  or  processes,  present 
a  pattern  indicating  a  new  development  such  as  preparation  for  a  covert  initiative.  For  example,  a  notice¬ 
able  increase  in  the  Chinese  intelligence  presence  in  Latin  America  might  be  an  anomaly  that  keys  U.S. 
collection  to  other  indicators  of  Chinese  interest  or  transactions,  which  in  turn  might  give  warning  ana¬ 
lysts  some  insight  into  prospective  significant  geopolitical  changes. 

Timeliness  and  reliability  are  the  keys  to  effective  warning,  which  means  that  the  sooner  U.S.  intel¬ 
ligence  gets  wind  of  changes  to  come,  the  greater  the  opportunity  it  has  to  validate  the  indicators  of  change 
and  issue  timely  warning.  The  commitment  of  foreign  intelligence  resources  reflects  choices  that  must  be 
made  early  in  the  decision  cycle  as  their  governments  weigh  threat  and  opportunity  and  prepare  to  act. 
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Given  the  substantial  costs  (funding,  risks,  and  opportunity  costs)  involved  in  the  allocation  and  targeting 
of  scarce  intelligence  resources,  their  presence  can  serve  as  early  precursors  of  emerging  threats.  Observed 
changes  in  foreign  intelligence  activities  may  also  serve  as  red  flags  to  help  hone  collection  on  related  indi¬ 
cators  of  threat  to  inform  warning  decisions  better. 

For  the  decisionmaker,  timely  warning  intelligence  needs  to  be  evaluated  in  the  context  of  national 
security  objectives,  the  political/military  environment  in  which  the  threat  is  developing,  and  the  range  of 
options  available  to  influence  the  adversary  or  mitigate  exposure.  The  purpose  of  warning  is  not  merely  to 
trigger  the  equivalent  of  a  call  to  “Take  cover!”  but  also  to  enable  actions  to  manage  the  threat,  including 
actions  that  might  dissuade  the  adversary  from  initiating  conflict  and  limiting  damage.  Only  with  the  long 
leadtime  of  strategic  warning  can  policymakers  engage  the  full  range  of  diplomatic,  economic,  and  other 
pressures  to  shape  a  favorable  outcome.  A  greater  awareness  of  foreign  intelligence  activities  may  help 
lengthen  that  leadtime,  as  well  as  suggest  additional  options  to  influence  events,  as  discussed  below. 

Assess.  Analysis  of  the  intelligence  activities  of  adversaries  or  allies,  competitors  or  partners,  may 
open  a  window  into  their  respective  interests,  purposes,  and  plans.  For  instance,  our  insights  into  the  for¬ 
eign  intelligence  activities  of  the  other  main  centers  of  global  power  may  confirm  or  otherwise  shape  pros¬ 
pects  for  cooperative  action. 

U.S.  policy  toward  Russia  is  a  case  in  point.  Many  of  the  Cold  War  activities  of  the  Soviet-era  Komitet 
Gosudarstvennoi  Bezopastnosti  (the  Committee  for  State  Security,  or  KGB)  are  recounted  in  the  book 
The  Sword  and  the  Shield:  The  Mitrokhin  Archive  and  the  Secret  History  of  the  KGB.14  Drawing  on  unprec¬ 
edented  access  to  over  25,000  pages  of  KGB  files,  the  authors  document  the  breadth  and  audacity  of  the 
former  Soviet  intelligence  attack  on  the  United  States — including  notably  its  extensive  active  measures  and 
disinformation  campaign,  which  would  appear  to  have  confirmed  the  most  conspiracy-minded  suspicions 
of  the  anticommunist  American  right  wing.  As  one  observer  points  out,  the  real  importance  of  the  book 
is  “the  sheer  weight  of  accumulated  detail  which  reveals  a  madly  compulsive  Soviet  over-reliance  on  clan¬ 
destine  means  for  conducting  its  foreign  policy,  maintaining  security  and  ideological  control  at  home,  and 
acquiring  the  technological  infrastructure  of  a  modern  state.”15  The  extent  to  which  Russia  continues  this 
70-year  tradition  of  aggressive  clandestine  operations  in  the  United  States  and  elsewhere  should  be  of  no 
small  interest  to  national  security  decisionmakers  as  they  fashion  U.S.  policy  toward  the  government  of 
(former  KGB/Federal  Security  Bureau  head)  President  Vladimir  Putin. 

Intelligence  services  are  a  tool  of  state  power.  Their  uses  are  many,  as  are  their  corresponding 
strengths  and  weaknesses.  Within  the  disciplines  of  international  relations  or  comparative  politics,  there 
is  room  for  far  more  study  of  both  the  diversity  of  intelligence  services  as  government  institutions  and  of 
intelligence  operations  as  an  extension  of  state  action.  In  practice,  Cl  tasks  must  be  prioritized  by  a  sophis¬ 
ticated  assessment  of  threats,  which  proceeds  from  an  understanding  of  how  intelligence  capabilities  are 
used  to  advance  foreign  objectives. 

Consider  the  case  of  China’s  intelligence  activities,  which  increasingly  rival  those  of  Russia  as  a  U.S. 
counterintelligence  concern.  We  know  that  the  most  likely  way  the  United  States  and  China  could  come 
to  military  conflict  is  over  Taiwan  and  that  such  a  conflict  is  likely  to  involve  naval  engagements.  There 
are  specific  dimensions  to  those  engagements  that  would  shape  Chinese  intelligence  collection  objectives 
against  U.S.  targets,  within  Taiwan,  and  elsewhere  in  the  region  (and  globally  as  well).  Scenario-driven 
logic  trees  of  this  kind  can  yield  a  taxonomy  for  prioritizing  Cl  analytic  efforts  and  drive  collection  to  sup¬ 
port  that  analysis. 

Assessments  of  foreign  intelligence  capabilities  can  help  inform  policy  deliberations  and  frame 
options  for  actions,  supplying  answers  to  such  questions  as: 

■  If  the  United  States  is  confronted  with  the  prospect  of  war  with  Iran,  what  role  will  Iranian  intel¬ 
ligence  services  play  in  conducting  operations  against  the  United  States,  and  what  options  do  we 
have  to  neutralize  those  operations? 

■  If  North  Korea  attempts  to  sell  and  deliver  a  nuclear  device  or  nuclear  materials,  what  contribution 
can  our  counterintelligence  forces  make  in  the  efforts  to  detect  and  intercept  such  activities? 
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a  What  hostile  intelligence  activities  are  directed  against  the  United  States  that  might  be  designed  to 
neutralize  our  capacity  to  exercise  effective  space  control? 

■  To  what  extent  are  the  intelligence  elements  of  the  governments  of  South  Korea  and  Taiwan  sus¬ 
ceptible  to  deception  by  hostile  intelligence  forces,  and  do  we  have  sufficient  capability  to  discern 
those  operations  and  guard  against  efforts  to  misdirect  us? 

■  What  is  the  role  of  Cuban  intelligence  personnel  in  Venezuela,  and  what  influence  does  Havana 
exercise  over  Hugo  Chavez’s  government? 

■  What  efforts  are  under  way  by  hostile  intelligence  forces  to  undermine  the  effectiveness  of  our 
ballistic  missile  defense  system?  How  effective  are  our  security  preparations  in  protecting  against 
these  actions?16 

The  foreign  intelligence  activities  of  adversaries  and  friends  are  an  important  factor  to  consider  as  part 
of  sound  national  security  policymaking.  Counterintelligence  can  supply  specialized  insights,  provided  that 
the  allocation  of  Cl  collection  and  analytic  resources  are  prioritized  to  support  policy  needs.  For  example, 
Israeli  intelligence  activities  worldwide  are  a  matter  of  no  small  Cl  concern,17  but  they  are  far  down  on  the 
U.S.  national  security  priority  list  relative  to  perhaps  less  capable  but  far  more  worrisome  intelligence  activi¬ 
ties  of  hostile  states.  The  judgment  of  whether  Cl  resource  allocations  are  providing  the  greatest  return  on 
investment  may  differ  depending  on  whether  the  measure  of  effectiveness  is  national  security  policy  rel¬ 
evance  or  operational  insight.  Analytic  support  to  Cl  operations  is  a  vital  Cl  function.  Foreign  intelligence 
threat  assessments  that  are  driven  by  national  security  policy  are  a  strategic  Cl  mission. 

Neutralize.  Counterintelligence  has  a  positive  intelligence  role  to  identify  threats  and  assess  foreign 
intelligence  capability,  but  that  is  only  the  beginning.  The  most  distinguishing  feature  of  counterintelligence 
is  that  it  is  an  operational  function.  As  defined  in  law  by  the  National  Security  Act  of  1947,  counterintelli¬ 
gence  is  “information  gathered  and  activities  conducted  [emphasis  added]  to  protect  against  espionage,  other 
intelligence  activities,  sabotage,  or  assassinations  conducted  by  or  on  behalf  of  foreign  governments  or  ele¬ 
ments  thereof,  foreign  organizations  or  foreign  persons,  or  international  terrorist  activities.” 

“For  the  intelligence-minded  man,  to  know  about  the  opposition  and  his  installations  is  the  whole 
goal;  for  counterintelligence,  knowing  is  only  the  beginning  of  the  road — something  has  to  be  done  about 
the  information.”18  The  emphasis  on  doing  extends  beyond  the  Intelligence  Community  to  include  ele¬ 
ments  of  law  enforcement.  When  a  spy  is  arrested,  or  a  “diplomat”  caught  in  pari  delicto  and  expelled,  or 
an  asset  discredited  as  working  for  the  other  side,  the  Cl  elements  that  neutralized  the  foreign  intelligence 
operation  have  done  their  specific  job. 

Stepping  up  to  the  strategic  level,  the  neutralization  of  foreign  intelligence  threats  is  an  essential  part 
of  protecting  national  security  secrets.  Sound  security  measures  such  as  locks,  guards  and  gates,  back¬ 
ground  investigations  and  polygraphs,  computer  firewalls  and  document  controls,  are  unquestionably 
vital,  but  they  can  only  carry  protection  so  far;  there  will  always  be  a  purposeful  adversary  looking  for 
ways  to  get  at  what  it  wants.  Counterintelligence  goes  after  the  adversary. 

Campaigns  to  neutralize  enemy  intelligence  capabilities  have  long  been  an  essential  part  of  war  plan¬ 
ning.  They  also  have  a  place  in  national  security  strategy  in  times  of  peace.  One  of  the  best  examples  of  strate¬ 
gic  Cl  operations  was  the  work  that  began  in  the  early  1980s  to  stop  the  Soviets’  illicit  acquisition  of  advanced 
technologies.  The  detente  policies  of  the  Nixon  administration  had  opened  the  floodgates  to  Soviet  intelli¬ 
gence  in  their  clandestine  efforts  to  obtain  scientific  knowledge  and  technologies  from  the  West: 

This  effort  was  suspected  by  a  few  U.S.  Government  officials  but  not  documented  until  1981,  when 
French  intelligence  obtained  the  services  of  Colonel  Vladimir  I.  Vetrov,  codenamed  “Farewell,”  who 
photographed  and  supplied  4,000  KGB  documents  on  the  program.  In  summer  1981,  President  Francois 
Mitterrand  told  President  Reagan  of  the  source,  and,  when  the  material  was  supplied,  it  led  to  a  potent 
counterintelligence  response  by  CIA  and  the  NATO  intelligence  services.19 

The  Farewell  dossier  provided  detailed  information  on  Soviet  technology  acquisition  efforts,  includ¬ 
ing  how  the  collection  program  was  run  under  Line  X  (the  KGB  division  in  charge  of  gathering  science 
and  technology  information)  and  exactly  what  they  were  after.  It  set  off  a  far-reaching  technology  control 
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effort,  including  export  control  enforcement  actions  and  effective  international  cooperation  in  interdict¬ 
ing  unlawful  transfers.  And  U.S.  intelligence  implemented  a  new  set  of  requirements  to  develop  follow-on 
sources  to  expose  true  end  users  and  other  valuable  insights  into  Soviet  technology  acquisition  activities. 
The  ensuing  Cl  operations  to  disrupt  Soviet  technology  collection  were  broad  and  thorough.  Within  the 
United  States,  and  jointly  with  NATO  governments  in  Western  Europe,  some  200  Soviet  intelligence  offi¬ 
cers  and  their  sources  were  compromised  and  expelled,  effectively  putting  Line  X  out  of  business.20 

Importantly,  this  strategic  Cl  campaign  was  of  a  piece  with  the  larger  U.S.  strategy  toward  the  former 
Soviet  Union  under  the  Reagan  administration.  Embodied  in  National  Security  Decision  Directive  75,  the 
central  objective  was  to  “contain  and  over  time  reverse  Soviet  expansionism  by  competing  effectively  on  a 
sustained  basis  with  the  Soviet  Union  in  all  international  arenas.”21  The  U.S.  defense  buildup  of  the  1980s  was 
the  centerpiece  of  this  strategy.  When  Farewell  walked  through  the  door,  the  United  States  was  just  beginning 
a  military  modernization  effort  that  would  rest  the  Nations  defenses  on  capturing  and  sustaining  qualitative 
superiority.  Research  and  development  (R&D)  efforts  supporting  the  Strategic  Defense  Initiative,  new  com¬ 
posite  materials  enabling  stealth  capabilities,  and  breakthroughs  in  supercomputing  and  other  extraordinary 
information  technologies,  among  many  other  marvels  of  engineering  and  design,  were  all  at  stake. 

Farewell  gave  U.S.  counterintelligence  the  keys  to  neutralize  the  KGB’s  campaign  to  piggyback  on  U.S. 
technology  investments.  But  that  was  not  all. 

Exploit.  The  opportunity  was  tantalizing.  “With  the  Farewell  reporting,”  as  the  late  Gus  Weiss  told 
the  story,  “CIA  had  the  Line  X  shopping  list  for  still-needed  technology,  and  with  the  list  American  intelli¬ 
gence  might  be  able  to  control  for  its  purposes  at  least  part  of  Line  X’s  collection,  that  is,  turn  the  tables  on 
the  KGB  and  conduct  economic  warfare  of  our  own.”  Weiss  continued: 

I  met  with  Director  of  Central  Intelligence  William  Casey  on  an  afternoon  in  January  1982.  I  proposed 
using  the  Farewell  material  to  feed  or  play  back  the  products  sought  by  Line  X,  but  these  would  come 
from  our  own  sources  and  would  have  been  ‘“improved,”  that  is,  designed  so  that  on  arrival  in  the  Soviet 
Union  they  would  appear  genuine  but  would  later  fail.  U.S.  intelligence  would  match  Line  X  requirements 
supplied  through  Vetrov  with  our  version  of  those  items,  ones  that  would  hardly  meet  the  expectations  of 
that  vast  Soviet  apparatus  deployed  to  collect  them. 

If  some  double  agent  told  the  KGB  the  Americans  were  alert  to  Line  X  and  were  interfering  with  their 
collection  by  subverting,  if  not  sabotaging,  the  effort,  I  believed  the  United  States  still  could  not  lose.  The 
Soviets,  being  a  suspicious  lot,  would  be  likely  to  question  and  reject  everything  Line  X  collected.  If  so, 
this  would  be  a  rarity  in  the  world  of  espionage,  an  operation  that  would  succeed  even  if  compromised. 

Casey  liked  the  proposal. 

As  was  later  reported  in  Aviation  Week  &  Space  Technology,  CIA  and  the  Defense  Department,  in  part¬ 
nership  with  the  FBI,  set  up  a  program  to  do  just  what  we  had  discussed:  modified  products  were  devised 
and  “made  available”  to  Line  X  collection  channels.22 

There  has  been  no  official  confirmation  of  the  existence  of  the  program  Weiss  describes.  Indeed,  if 
Line  X  collection  was  being  shut  down  through  a  vast  expulsion  effort,  it  would  be  tricky  to  salt  the  collec¬ 
tion  channels  simultaneously  in  the  manner  Weiss  suggests.  However,  the  concept  of  using  the  adversary’s 
own  intelligence  operations  against  them  is  a  stellar  example  of  creative  offensive  CL 

Golden  opportunities  of  the  kind  Farewell  provided  do  not  come  knocking  every  day.  But  the 
national  Cl  enterprise  needs  to  be  constituted  to  seek  out  high-value  insights  into  foreign  intelligence 
activities,  recognize  gold  when  it  appears  (and  fool’s  gold  for  what  it  is),  and  be  creative  and  agile  and  com¬ 
petent  enough  to  seize  the  moment. 

The  world  of  offensive  counterintelligence  is  most  familiar  in  its  supporting  role  to  military  opera¬ 
tions.23  The  finest  historic  example  is  the  Allied  landing  at  Normandy.  The  D-Day  landing  was  a  huge  risk 
that  succeeded  because  of  masterful  planning,  including  the  most  sweeping  deception  in  military  history. 
The  Allies  could  not  hope  to  hide  the  fact  that  they  intended  a  cross-channel  invasion,  but  through  the  use 
of  elaborate  decoys  and  ruses,  misleading  communications,  finely  orchestrated  double  agent  operations,24 
and  a  host  of  other  inventive  measures,  they  led  the  Germans  to  believe  the  landing  site  would  be  at  Pas  de 
Calais.  The  surprise  was  total.25 
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For  deception  to  be  successful,  according  to  World  War  II  historian  F.H.  Hinsley,  “two  things  are 
imperative:  First,  the  enemy  must  be  kept  totally  in  the  dark  about  what  you  don’t  want  him  to  know,  and 
second,  you  must  know  everything  he  is  thinking  all  the  time,  especially  when  he’s  confronted  with  what 
you  want  him  to  believe.”  In  any  deception  campaign,  the  feedback  loop  is  all  important.  Hinsley  continues: 

We  were  able  to  locate,  early  on,  the  entire  German  espionage  network  in  Britain,  eliminate  parts  of  it 
and  use  others  to  feed  Hitler  disinformation.  We  were  also  able  to  learn  Hitlers  thinking  about  where 
and  when  the  invasion  would  eventually  come,  play  to  his  prejudices  and  hunches,  and  learn  when  and 
whether  he  took  our  bait.  We  were  reading  his  mind  all  the  time.26 

Offensive  Cl  seeks  to  influence  the  adversary’s  decisionmakers  by  manipulating  the  intelligence 
product  that  informs  their  decisions,  “luring  your  opponent  into  doing  voluntarily  and  by  choice  what  you 
want  him  to  do.”27  This  was  the  role  counterintelligence  played  in  Operation  Overlord,  luring  the  Germans 
to  mass  their  forces  in  the  wrong  place. 

The  same  principle  pertains  to  the  role  counterintelligence  can  play  in  peacetime.  Successful  coun¬ 
terintelligence  operations  can  provide  the  means  for  influencing  decisions  or  behaviors  that  may  spell  the 
difference  between  favorable  or  unfavorable  outcomes  in  world  events.  The  key  to  success  in  counterintel¬ 
ligence,  like  everything  else,  is  playing  to  your  strengths — or  to  the  adversary’s  vulnerabilities. 

Foreign  emphasis  on  human  collectors  over  other  means  of  collection  is  the  single  most  distinctive 
asymmetry  in  modern  intelligence  structures,  and  it  has  profound  implications  for  U.S.  counterintel¬ 
ligence.  The  U.S.  Intelligence  Community  had  its  origins  in  Pearl  Harbor  and  the  imperative  to  guard 
against  strategic  surprise.  Our  money  and  genius  went  into  the  development  and  fielding  of  an  early  warn¬ 
ing  capability  to  watch  for  missile  launches,  and  standoff  capabilities  to  pierce  the  Iron  Curtain  and  to 
learn  all  we  could  about  the  unparalleled  Soviet  threat.  We  tend  to  place  greater  trust  in  what  we  collect 
through  sophisticated  technical  means  than  through  human  channels  with  their  many  idiosyncrasies  and 
limitations.  In  this  history,  U.S.  intelligence  is  distinctive. 

In  sharp  contrast,  HUMINT  is  necessarily  the  bread  and  butter  of  our  adversaries  and  friends.28 
An  early  Soviet  defector  contrasted  what  he  saw  as  the  Western  approach  to  intelligence  collec¬ 
tion  of  monitoring  the  world  scene  for  voluminous  bits  of  open  data  with  the  Soviet  reliance  on 
the  work  of  spies:  “The  difference  is  not  just  a  theoretical  one;  in  practice  it  affects  every  phase  of 
intelligence  activity,  from  operational  strategy  and  choice  of  strategy  to  evaluation  of  the  reliability 
of  information  procured  and  its  importance  to  policy  makers.”29  It  also  affects  relative  strengths — 
and  vulnerabilities. 

The  work  of  clandestine  services,  engaged  in  intelligence  collection  and  other  activities,  is  an  arena  of 
international  competition  in  which  the  advantage  does  not  necessarily  go  to  the  rich  or  the  otherwise  pow¬ 
erful.  Foreign  adversaries  may  not  have  a  prayer  of  fielding  costly  and  technologically  demanding  technical 
collection  suites  (the  U.S.  Government  has  worked  hard  to  keep  it  that  way),  but  they  can  organize,  train, 
equip,  sustain,  and  deploy  impressive  numbers  of  case  officers,  agents  of  influence,  saboteurs,  and  spies — 
which  they  do,  in  numbers  commensurate  with  their  value. 

Yet  there  is  wisdom  in  the  notion  that  every  strength  can  become  a  liability.  If  HUMINT  is  the  eyes 
and  ears  of  foreign  leaders,  purposefully  shaping  the  reporting  they  receive  through  HUMINT  channels 
can  be  a  formidable  influence  on  their  actions.  And  the  foreign  intelligence  service  becomes  an  even  more 
attractive  target  for  penetration. 

The  ultimate  goal  of  offensive  Cl 

is  to  penetrate  the  opposition’s  own  secret  operations  apparatus:  to  become,  obviously  without  the  oppo¬ 
sition’s  knowledge,  an  integral  and  functioning  part  of  their  calculations  and  operations. ...  [A  successful 
Cl  penetration]  puts  you  at  the  very  heart  of  his  actions  and  intentions  towards  you.  .  .  .  Most  impor¬ 
tantly,  you  are  in  a  position  to  control  his  actions,  since  you  can,  by  tailoring  intelligence  for  him  to  your 
purposes,  by  influencing  his  evaluation,  mislead  him  as  to  his  decisions  and  consequent  actions.30 
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To  be  sure,  this  describes  the  ideal  Cl  operation;  but  even  short  of  such  perfection,  by  exploiting  insights 
into  foreign  intelligence  activities,  counterintelligence  can  provide  new  avenues  to  degrade  emerging 
threats  and  help  turn  events  to  U.S.  advantage. 

The  tradecraft  and  operations  of  counterintelligence  are  not  new.  What  is  new  are  the  possibilities  of 
forging  closer  ties  to  national  strategy  by  integrating  Cl  insights  into  national  security  planning;  prioritiz¬ 
ing  Cl  collection  and  operations  in  line  with  national  security  priorities;  and,  at  the  strategic  level,  going 
on  the  offense. 

National  Security  Strategy  under  President  Bush 

The  National  Security  Strategy  of  the  United  States  of  America,  issued  by  President  Bush  in  2002  and 
updated  in  2006,  proceeds  from  a  fundamental  objective:  “to  create  a  balance  of  power  that  favors  freedom.” 
That  document  is  very  much  an  offensive  strategy,  including  in  particular  its  emphasis  on  preemption  and  pre¬ 
ventive  measures.  This  offensive  aspect  has  made  the  Presidents  strategy  both  distinctive  and  controversial. 

John  Lewis  Gaddis,  in  his  monograph  Surprise,  Security,  and  the  American  Experience,  argues  that  the 
Bush  doctrine  is  far  more  serious  and  sophisticated  than  its  critics  acknowledge — and  also  less  novel.  He 
points  out  that  the  United  States  has  suffered  three  surprise  attacks  in  its  history,  each  of  which  called  forth 
a  new  grand  strategy:  the  British  burning  of  Washington,  DC,  in  1814;  the  Japanese  attack  at  Pearl  Harbor 
in  1941;  and  the  attacks  of  September  11,  2001.  As  Gaddis  writes,  “Americans  have  generally  responded  to 
threats — and  particularly  surprise  attacks — by  taking  the  offensive,  by  becoming  more  conspicuous,  by  con¬ 
fronting,  neutralizing,  and  if  possible  overwhelming,  the  sources  of  danger  rather  than  fleeing  from  them.”31 

Accordingly,  in  the  wake  of  the  British  attack,  new  Secretary  of  State  John  Quincy  Adams  developed 
Americas  first  confrontational  grand  strategy,  which  was  twofold:  to  achieve  security  through  territorial 
expansion  in  order  to  preempt  the  power  vacuum  on  the  continent,  and  to  adopt  a  policy  of  unilateral¬ 
ism  and  thus  avoiding  entangling  alliances.  The  second  American  grand  strategy  arose  under  Franklin 
Roosevelt,  who  sought  to  secure  the  United  States  by  securing  the  world,  guaranteeing  free  markets  and 
self-determination  for  all  people.  Strong  states,  acting  through  the  United  Nations  Security  Council,  would 
secure  the  peace.  This  grand  strategy  saw  us  through  the  Cold  War. 

Now  we  have  a  new  enemy  and  new  threats,  which  require  means  different  from  those  employed 
during  World  War  II  and  the  Cold  War.  In  response,  Gaddis  argues,  the  Bush  doctrine  is  not  so  much  a 
departure  from  American  history  as  a  return  to  the  preemption  and  unilateral  action  of  the  19th  century. 
Today’s  new  element  is  the  need  to  walk  a  fine  line  to  hold  on  to  the  consent  of  key  states,  which  is  not  an 
easy  task.  The  many  difficult  issues  associated  with  counterterrorist  operations,  including  extraordinary 
renditions,  long-term  imprisonment  of  detainees,  and  other  intelligence  and  operational  exigencies,  have 
been  grist  for  anti-American  propaganda  mills  and  diplomatic  confrontations. 

Personal  politics  notwithstanding,  all  responsible  citizens  of  the  United  States  agree  that  we  cannot 
wait  until  the  threat  reaches  our  shores  to  act.  In  the  past,  terrorists  were  subject  to  manhunts,  apprehension, 
and  rendition  for  trial.  Today,  the  strategic  objective  is  to  stop  them  before  they  can  strike.  The  same 
imperative  should  apply  to  the  intelligence  operations  of  our  adversaries. 

The  Best  Defense  is  a  Good  Offense 

The  record  of  U.S.  counterintelligence,  especially  counterespionage,  shows  that  most  Cl  has  been 
based  on  tolerating  some  level  of  loss — extremely  grave  loss  in  the  case  of  some  long- serving,  well-placed 
spies — that,  once  discovered,  triggers  intensive  investigations,  prosecutions,  and  countermeasures  to  repair 
and  limit  damage.  This  ability  to  react  quickly  and  effectively  will  always  be  a  vital  core  of  counterintelli¬ 
gence.  But  a  strategy  predicated  on  acceptable  loss  was  always  a  questionable  approach  to  countering  hos¬ 
tile  intelligence  activities,  which  could  have  failed  catastrophically  had  the  United  States  found  itself  at  war 
with  the  Soviet  Union.  It  is  now  intolerable  in  the  face  of  a  global  war  and  the  steady  growth  of  intelligence 
operations  directed  against  the  United  States  and  its  interests. 


12 


SCHOOL  FOR  NATIONAL  SECURITY  EXECUTIVE  EDUCATION 


Other  states,  and  certainly  all  of  our  adversaries,  seek  to  use  their  intelligence  services  as  a  strategic 
make-weight.  Not  surprisingly,  U.S.  counterintelligence  is  identifying  collection  activities  targeted  against 
all  the  essential  elements  of  our  national  defenses  and  the  supporting  structures  that  maintain  the  Nations 
technological  advantage  at  home  and  abroad.  From  the  standpoint  of  foreign  intelligence  interest,  there  are 
many  potentially  valuable  targets  outside  of  our  borders,  such  as  American  Government  personnel  and  the 
far-reaching  activities  of  critical  U.S.  commerce  and  industry.  But  the  real  intelligence  treasure  trove  for 
foreign  powers  is  in  the  United  States. 

The  institutions  and  people  responsible  for  the  formulation  and  implementation  of  American  plans, 
intentions,  and  capabilities — the  central  targets  of  foreign  intelligence  collection  and  influence — are  prin¬ 
cipally  within  the  borders  of  the  United  States.  Intelligence  production  and  weapons  design,  the  secrets  of 
our  nuclear  labs,  and  the  strategic  advantage  afforded  the  Nations  security  by  R&D  at  American  compa¬ 
nies  such  as  Bell  Labs  or  Boeing  or  Dupont  are  all  within  our  borders,  as  are  thousands  of  facilities  engaged 
in  classified  national  security  work  and  hundreds  of  thousands  of  workers  who  hold  security  clearances. 
If  these  structures  and  personnel  have  become  the  principal  target  of  foreign  intelligence  operations,  an 
effective  Cl  capability  is  our  first  and  last  means  of  defense  to  protect  them. 

Today,  for  example,  notwithstanding  our  relatively  friendly  relationship  at  the  political  level,  the  Rus¬ 
sian  intelligence  and  security  services  remain  our  most  capable  adversaries,  both  abroad  as  well  as  in  the 
United  States,  where  they  continue  to  operate  as  though  the  Cold  War  had  not  ended.  With  the  explosion 
of  the  volume  of  Russian  and  other  tourists,  immigrants,  official  visitors,  and  business  operations  in  this 
country,  the  opportunities  for  clandestine  operations  have  increased  proportionately. 

The  Cl  problem  is  not  one  of  sheer  numbers,  though  by  any  measure  there  are  more  foreign  intelli¬ 
gence  operatives  in  the  United  States  than  we  have  personnel  to  address  them.32  The  larger  and  more  com¬ 
pelling  issue  is  the  scope  of  their  activities. 

Historically,  embassies  and  other  diplomatic  establishments  within  the  United  States  have  served 
as  the  hub  for  foreign  intelligence  activities  because  of  the  operational  security  they  afford.  Not  surpris¬ 
ingly,  the  20,000-strong  diplomatic  community  has  commanded  the  lion’s  share  of  U.S.  counterintelligence 
attention.  Our  Cl  resources,  especially  those  of  the  FBI,  have  been  scoped  against  this  threat  population 
and  its  geographic  concentrations  in  Washington  and  New  York,  and  consular  offices  in  such  cities  as 
San  Francisco,  Chicago,  Atlanta,  and  Houston. 

Now,  however,  foreign  powers  increasingly  are  running  intelligence  operations  with  unprecedented 
independence  from  the  former  safe  havens  of  their  diplomatic  establishments.  The  number  of  formal  and 
informal  ports  of  entry  to  the  country,  the  ease  with  which  people  can  travel  internally,  and  the  relatively 
benign  U.S.  operational  environment  are  tailor-made  for  embedded  clandestine  collection  activities.  Thou¬ 
sands  of  foreign- owned  commercial  establishments  within  the  country,  the  routine  interactions  of  trade  and 
transnational  business  and  finance,  and  the  exchange  of  hundreds  of  thousands  of  students  and  academicians 
all  potentially  extend  the  reach  of  foreign  intelligence  into  the  core  structures  of  the  Nations  security. 

Instead  of  looking  at  the  strategic  implications  of  these  foreign  intelligence  operations,  we  have  for 
the  most  part  adopted  a  case-by-case  approach  to  dealing  with  the  threat  they  represent.  Domestically,  our 
Cl  effort  has  been  concentrated  on  counterespionage  investigations:  violations  of  criminal  statutes  against 
espionage  and  related  offenses  (such  as  failure  to  register  as  a  foreign  agent,  mishandling  of  classified  infor¬ 
mation,  and  certain  violations  of  export  control  laws).  Where  successful,  these  cases  may  result  in  prosecu¬ 
tions,  demarches,  or  the  expulsion  of  diplomatic  personnel  for  activities  inconsistent  with  their  status.  But 
with  rare  exception,  their  disposition  is  decided  on  the  merits  of  the  instant  case  and  not  as  part  of  a  larger 
effort  to  counter  the  foreign  intelligence  service  as  a  strategic  target.33 

As  a  result,  I  fear  we  have  been  somewhat  oblivious  to  the  effects  of  foreign  intelligence  operations 
within  the  United  States  except  when  they  find  expression  in  espionage  cases.  While  the  FBI — by  far, 
Americas  premier  Cl  agency — is  assigned  responsibility  for  countering  all  foreign  intelligence  operations 
in  the  United  States,  it  lacks  the  manpower,  the  resources,  the  training,  and  probably  the  public  support 
to  venture  into  the  complex  grounds  of  analyzing  the  vast  foreign  presence  in  the  country  to  identify  the 
intelligence  operations  embedded  therein.34  No  other  department  or  agency  is  assigned  this  mission,  sees  it 
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as  their  job,  or  has  the  authority  to  carry  it  out.  As  a  result,  our  understanding  of  the  foreign  presence  and 
intelligence  operations  within  the  United  States  is  unacceptably  poor. 

Yet  three-quarters  of  the  American  Cl  budget  since  World  War  II  has  been  devoted  to  activities 
within  the  United  States  carried  out  by  the  FBI.  In  addition,  most  of  the  remainder  allocated  to  the  CIA, 
Defense  Department,  and  to  small  pockets  elsewhere  in  the  government  has  gone  to  programs  and  per¬ 
sonnel  based  wholly  or  in  part  within  U.S.  borders.  As  a  national  priority,  funding  for  counterintelligence 
is  pitifully  low  relative  to  the  penalty  foreign  intelligence  successes  can  exact.  But  more  money  is  not  the 
cure,  so  long  as  the  resulting  business  model  of  U.S.  counterintelligence  remains  optimized  for  a  defensive 
posture  of  working  individual  cases  at  home,  rather  than  working  the  foreign  intelligence  service  as  a  stra¬ 
tegic  target  globally. 

In  the  past,  Americas  default  Cl  strategy  has  been  to  wait  to  engage  the  adversary  in  our  own  back¬ 
yard,  rather  than  in  his.  Again  by  default,  we  have  placed  ourselves  at  a  twofold  disadvantage.  By  concen¬ 
trating  our  Cl  resources  within  the  United  States,  and  waiting  for  the  foreign  intelligence  threat  to  come  to 
U.S.  territory,  we  have  ceded  the  advantage  to  the  adversary.  Foreign  powers  have  seized  the  initiative  and 
have  moved  their  operations  to  favorable  terrain:  U.S.  soil.  Our  domestic  institutions  are  not  constituted  to 
work  against  foreign  intelligence  cadre  embedded  within  American  society;  indeed,  we  have  laws  and  con¬ 
stitutional  values  that  militate  against  government  intrusion  (by  intelligence  entities  or  law  enforcement 
agencies)  into  private  life — an  operating  advantage  that  foreign  services  readily  exploit. 

The  strategic  implications  are  clear.  We  have  been  approaching  the  problem  from  the  wrong  end. 
Rather  than  waiting  until  the  foreign  intelligence  threat  is  at  our  doorstep,  U.S.  counterintelligence  needs 
to  go  on  the  offense,  to  exploit  where  we  can  and  interdict  where  we  must,  with  the  purpose  of  degrading 
the  foreign  intelligence  service  and  its  ability  to  work  against  us. 

Assigning  a  strategic,  proactive  mission  to  U.S.  counterintelligence  represents  a  sharp  departure  from 
past  practices.  In  my  view,  this  expansion  and  strategic  reorientation  of  the  U.S.  Cl  enterprise  are  long  over¬ 
due.  No  longer  can  we  afford  to  rest  on  our  ability  to  tolerate  some  level  of  loss  before  taking  action.  No 
longer  should  we  cede  the  initiative  to  foreign  intelligence  services  working  on  U.S.  soil  to  penetrate  our 
government.  The  age-old  wisdom  that  the  best  defense  is  a  good  offense  is  also  true  for  counterintelligence. 

Executing  an  offensive  Cl  strategy  begins  with  working  the  target  abroad.  As  directed  by  national  secu¬ 
rity  policy  priorities,  the  considerable  resources  of  the  members  of  the  U.S.  Intelligence  Community  that 
have  global  reach  need  to  be  directed  to  help  identify  and  then  disrupt  or  exploit  the  intelligence  activities  of 
foreign  powers,  wherever  they  are  directed  against  U.S.  interests  worldwide.  Conceptually,  this  undertaking 
consists  of  two  parts:  first,  a  global  Cl  assessment  of  foreign  intelligence  presence,  capabilities,  and  activities, 
and  second,  a  Cl  “doctrine” — the  fundamental  principles  that  guide  military  or  other  operations  in  support  of 
national  objectives — for  attacking  foreign  intelligence  services  systematically  via  strategic  Cl  operations. 

At  home,  the  proactive  Cl  mission  calls  for  a  coordinated,  community-wide  effort  of  aggressive  oper¬ 
ational  activity  and  analysis  to  obtain  the  intelligence  necessary  to  neutralize  the  inevitable  penetrations  of 
our  government.  To  do  this,  the  operational  and  analytic  focus  of  U.S.  counterintelligence  must  transform 
from  a  case-driven  approach  to  a  strategic  assessment  of  adversary  presence,  capabilities,  and  intentions, 
which  in  turn  drives  operations.  This  will  also  require  looking  beyond  the  customary  targets  of  known 
intelligence  officers  to  the  larger  population  of  diverse  foreign  visitors  and  others  serving  foreign  intelli¬ 
gence  purposes,  who  find  our  free  and  open  society  a  rich  playing  field  for  the  illicit  collection  of  national 
security  secrets  and  other  valuable  information  that  confer  advantage. 

We  need  to  find  appropriate  ways,  consistent  with  all  the  protections  of  our  Constitution,  to  discern 
foreign  operations  within  the  United  States.  What  can  be  done  to  fill  the  enormous  gaps  in  our  knowl¬ 
edge?  With  some  500  million  border  crossings  annually,  this  is  a  nearly  overwhelming  problem  for  U.S. 
counterintelligence,  as  it  is  for  our  Nations  counterterrorism  efforts.  Yet  despite  these  odds,  the  painstak¬ 
ing  network  analysis  of  al  Qaeda  cells  is  paying  off,  which  may  suggest  an  approach  for  Cl  analysis  as  well. 
Similarly,  the  Defense  Department  has  hard-won  experience  with  locating  elusive  targets  against  a  vast 
background  of  noise;  there  may  be  an  analogous  methodology  that  can  provide  clues  on  how  to  find  hid¬ 
den  foreign  intelligence  operations  in  the  United  States. 
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Most  of  today’s  Cl  professionals  came  to  the  profession  through  specific  training  in  intelligence  or  in 
investigations  and  law  enforcement.  Much  of  their  work  involves  careful  watchdog  activities  that  zero  in 
on  indicators  of  internal  wrongdoing,  security  glitches,  suspicious  transactions,  or  other  anomalies.  In  this 
respect,  while  individual  investigators  and  intelligence  officers  may  perform  their  job  with  great  personal 
initiative,  counterintelligence  as  a  national  enterprise  is  largely  reactive  and  tactical.  We  need  to  take  that 
personal  initiative  and  turn  it  into  national  initiative. 

The  proactive  approach  to  counterintelligence  requires  a  generous  dose  of  creativity  to  turn  threat  into 
opportunity.  We  do  not  want  to  sit  back  and  discover,  years  after  the  fact,  that  while  we  have  investigated 
every  reported  security  breach,  spies  have  stolen  our  secrets  or  cyber  thieves  have  exploited  our  networks. 
Instead,  U.S.  counterintelligence  needs  to  think  offensively:  how  does  the  foreign  intelligence  service  oper¬ 
ate?  What  are  its  vulnerabilities?  How  can  they  be  exploited?  What  are  the  indicators  that  might  give  us 
warning  of  intelligence  operations  against  us?  Are  there  tripwires  we  can  design  to  give  us  an  edge?  Are 
there  Cl  avenues  available  to  influence  foreign  decisionmaking  to  help  achieve  larger  U.S.  national  security 
objectives?  There  is  no  question  that  our  Nations  talented  Cl  professionals  can  do  this  job,  provided  their 
leadership  sets  the  right  course.  Clearly,  U.S.  counterintelligence  needs  a  new  strategy,  and  now  it  has  one. 

The  2005  National  Counterintelligence  Strategy 

Each  of  the  major  challenges  confronting  Americas  security — defeating  global  terrorism,  countering 
weapons  of  mass  destruction,  ensuring  the  security  of  the  homeland,  transforming  defense  capabilities, 
fostering  cooperation  with  other  global  powers,  promoting  global  economic  growth — has  an  embedded 
counterintelligence  imperative.  Specifically,  terrorists,  tyrants,  foreign  adversaries,  and  even  economic 
competitors  engage  in  a  range  of  intelligence  activities  directed  against  us  in  order  to  advance  their  inter¬ 
ests  and  defeat  U.S.  objectives. 

Too  often,  these  foreign  intelligence  activities  against  the  United  States  are  successful.  Collectively, 
they  present  strategic  threats  to  the  Nations  security  and  prosperity.  The  United  States  requires  a  national, 
systematic  perspective  and  coherent  policies  to  counter  them.  Key  to  success  is  a  strategic  counterintelli¬ 
gence  response. 

We  now  have,  for  the  first  time,  a  single  document  that  sets  forth  the  President’s  vision  for  U.S. 
counterintelligence  and  its  mission  in  support  of  America’s  national  security.  President  Bush  approved 
the  National  Counterintelligence  Strategy  on  March  1,  2005,  while  Congress  was  still  debating  the 
creation  of  the  Office  of  the  Director  of  National  Intelligence.  The  new  strategy  is  the  product  of  con¬ 
tributions  from  across  the  leadership  of  the  Cl  community,  and  in  its  final  form  is  the  result  of  care¬ 
ful  White  House  deliberation  and  review.  It  is  the  first  document  issued  by  any  administration  that 
directs  the  full  scope  of  the  Nation’s  efforts  to  counter  the  global  foreign  intelligence  threats  against 
the  United  States.35 

The  National  Counterintelligence  Strategy,  which  is  unclassified,  is  based  on  a  classified  threat  assess¬ 
ment  that  lays  out  the  ways  in  which  foreign  intelligence  services  are  stealing  U.S.  national  security  secrets 
to  support  their  military  or  terrorist  objectives,  to  undercut  America’s  foreign  policy  or  commerce,  or  to 
exploit  what  they  learn  of  U.S.  intelligence  capabilities  to  hide  their  actions  or  mislead  us.36  The  strategic 
purpose  of  counterintelligence  is  to  identify  these  threats  and  stop  them. 

Modeled  after  the  President’s  National  Security  Strategy,  the  2005  National  Counterintelligence  Strat¬ 
egy  has  seven  pillars  that  define  the  objectives  for  U.S.  Cl:  counter  terrorist  operations,  seize  advantage, 
protect  critical  defense  technology,  defeat  foreign  denial  and  deception,  level  the  economic  playing  field, 
inform  national  security  decisionmaking,  and  build  a  national  Cl  system. 

Counter  Terrorist  Operations.  In  many  parts  of  the  world,  including  in  the  United  States,  al  Qaeda 
and  other  terrorist  organizations  employ  classic  intelligence  methods  to  gather  information,  recruit 
sources,  and  direct  human  assets.  They  are  also  capable  of  engaging  in  sophisticated  deceptive  practices, 
not  unlike  traditional  foreign  powers,  to  mislead  U.S.  decisionmakers.  Beyond  this,  terrorist  groups  draw 
strength  from  state  sponsors,  which  means  that  the  intelligence  services  of  those  regimes  can  be  key  links 
in  the  global  terrorist  support  network. 
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The  National  Counterintelligence  Strategy  directs  the  national  security  leadership  to  ensure  that  the 
war  on  terror  is  armor-plated  with  an  effective  Cl  strategy  to  identify  and  exploit  offensive  opportunities 
against  terrorist  networks  and  to  provide  Cl  support  to  force  protection  and  operations  security  in  the  field. 
We  need  to  institutionalize  the  linkages  between  counterintelligence  and  the  analytic  and  operational  enti¬ 
ties  supporting  the  global  war  on  terrorism — a  critical  element  that  the  September  11  Commission  over¬ 
looked.  Behind  these  straightforward  objectives  lie  many  intensive  tasks,  such  as  bringing  analytic  insight 
into  the  intelligence  operations  of  terrorist  groups  and  their  sponsors,  providing  Cl  support  to  sensitive  U.S. 
operations,  and  developing  a  Cl  mindset  to  backstop  the  geopolitical  imperatives  of  this  global  war. 

As  an  integral  part  of  the  U.S.  campaign  against  radical  Islamic  terrorist  groups,  it  is  the  job  of  coun¬ 
terintelligence  to  develop  and  execute  integrated  strategic  operations  against  the  intelligence  activities  of 
terrorist  groups  and  their  state  sponsors.  In  theory,  terrorist  groups  have  positive  intelligence  objectives 
and  need  to  protect  their  operations.  What  does  that  intelligence  footprint  look  like,  and  how  amenable  are 
these  operations  to  Cl  remedies  or  solutions? 

The  intelligence  activities  of  state  sponsors  of  terrorism  are  a  related  category  of  Cl  interest.  As  part  of 
a  larger  effort  to  document  the  range  and  details  of  state  actor  support  to  terrorist  organizations  or  activi¬ 
ties,  counterintelligence  needs  a  collection  plan  for  foreign  intelligence  support  to  terrorists  that  can  enable 
Cl  operations  to  degrade  their  success.  Obvious  collection  requirements  include  such  details  as  knowing  the 
names  of  foreign  intelligence  personnel  and  how  and  from  whom  they  receive  their  tasking.  The  Cl  discipline 
affords  both  the  strategic  analytic  perspective  and  the  operational  tradecraft  needed  to  identify  and  exploit 
offensive  opportunities  against  terrorist  networks  and  the  intelligence  operations  of  their  state  sponsors. 

The  war  on  terror  has  led  to  an  expanding  number  of  cooperative  intelligence  relationships,  some  of 
which  draw  on  longstanding  liaison  histories,  and  others  of  which  are  very  high  risk.  The  United  States  has 
established  these  intelligence  relationships  because  we  have  a  genuine  purpose  to  go  after  terrorist  groups. 
Other  states  may  have  different  (or  supplementary)  motivations  for  cooperative  intelligence  work.  Across 
the  board,  counterintelligence  needs  to  assess  how  foreign  intelligence  services  are  exploiting  their  rela¬ 
tionship  with  the  U.S.  counterterrorism  effort  for  their  own  purposes. 

Intelligence  liaison  relationships  are  one  among  myriad  U.S.  counterterrorism  activities  that  require 
a  Cl  plan.  The  many  elements  of  the  U.S.  national  security  community  engaged  in  counterterrorist  work, 
from  the  dedicated  analytic  and  planning  elements  of  the  Intelligence  Community  to  the  U.S.  forces 
deployed  in  Iraq  and  Afghanistan  to  Special  Operations  teams  in  many  parts  of  the  world,  are  targets  of 
foreign  intelligence  and  al  Qaeda  interest. 

There  are  also  troubling  questions  surrounding  the  true  extent  of  initiatives  by  terrorist  organiza¬ 
tions  or  their  agents  to  penetrate  supporting  elements  of  the  U.S.  Government.  Our  generations  struggle 
against  the  extremist  teachings  of  radical  Islam  is  a  war  for  hearts  and  minds  and  a  breeding  ground  for 
ideological  spies.37  Public  reports  suggest  that  some  40  terrorists  had  been  caught  trying  to  infiltrate  U.S. 
intelligence  agencies  as  of  2005, 38  leading  to  no  small  concern  over  how  many  may  have  escaped  detection. 
Each  of  these  endeavors  is  a  proper,  and  compelling,  subject  for  U.S.  counterintelligence. 

Seize  Advantage.  In  line  with  broader  national  security  objectives,  the  National  Counterintelligence 
Strategy  directs  that  U.S.  counterintelligence  shift  emphasis  from  a  posture  of  reacting  to  foreign  intelli¬ 
gence  threats  to  a  proactive  strategy  of  seizing  advantage. 

The  need  for  this  capability  was  driven  home  in  our  experience  with  the  war  against  Iraq.  In  the 
leadup  to  Operation  Iraqi  Freedom,  an  interagency  Cl  strategic  planning  team  came  together  to  develop  a 
common  operating  picture  of  Iraqi  intelligence  operations  worldwide.  In  response  to  command  authority 
direction,  the  team  was  chartered  to  render  Iraqi  intelligence  ineffective.  While  this  effort  resulted  in  some 
important  successes,  the  Cl  community  learned  its  lessons  the  hard  way: 

■  Strategic  operational  planning  to  degrade  foreign  intelligence  capabilities  has  long  leadtimes.  Begin¬ 
ning  at  D  minus  6  months — as  was  the  case  with  Iraq — is  too  little,  too  late.  Even  though  coalition 
forces  had  technically  been  at  war  with  Iraq  for  10  years,  flying  daily  combat  missions,  the  Cl  com¬ 
munity  could  identify  and  contain  an  unacceptably  low  percentage  of  Iraqi  intelligence  personnel. 
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a  U.S.  counterintelligence  was  not  (and  is  not)  postured  globally  to  disrupt  a  foreign  intelligence  ser¬ 
vice.  U.S.  capabilities  are  not  integrated  to  operate  jointly.  There  is  a  basic  lack  of  central  orchestra¬ 
tion  or  of  a  standard  approach  to  targeting.  Interagency  information-sharing  is  poor,  and  infra¬ 
structure  support  is  even  worse. 

The  interagency,  proactive  approach  adopted  in  the  leadup  to  Iraq  is  the  right  way  to  go,  but  it  will 
not  work  if  it  is  ad  hoc.  Resources  need  to  be  prepositioned,  and  real  Cl  operations  plans  built  in  advance, 
including  command  over  non-CI  resources  (especially  intelligence  collection)  essential  to  their  execution. 
To  begin,  we  need  to  develop  the  equivalent  of  what  the  military  calls  an  “order  of  battle”  on  foreign  intel¬ 
ligence  services  of  concern.  These  are  positive  intelligence  requirements,  which  include  answering  such 
questions  as: 

■  What  is  the  American  targets  capability  of  the  adversary  service?  (Foreign  intelligence  services 
have  a  set  cadre  of  personnel  trained  to  go  after  American  targets;  U.S.  counterintelligence  needs 
to  understand  who  they  are  and  how  they  operate.) 

■  What  is  the  doctrine  by  which  the  service  deploys? 

■  What  are  its  budget,  training,  personnel  records? 

■  What  are  its  liaison  relationships,  and  what  are  their  resources  and  targets? 

■  What  are  the  critical  nodes  of  foreign  collection  against  us? 

■  What  are  the  signatures  of  the  intelligence  precursors  to  an  attack? 

■  What  is  their  leadership  structure? 

■  How  and  by  whom  are  they  tasked? 

Nations  use  their  intelligence  services  for  particular  purposes  that  are  as  diverse  as  the  national  ambi¬ 
tions  they  support.  In  exploring  these  questions,  we  should  not  be  surprised,  therefore,  to  see  intelligence 
officers  from  different  services  trained  and  deployed  in  signature  ways.39  Just  as  we  are  learning  to  map  the 
networks  of  terrorist  groups,  so  too  can  we  analyze  the  ways  in  which  foreign  services  are  built  and  oper¬ 
ate.  This  analytic  work,  in  turn,  should  lead  to  refined  collection  requirements  to  fill  in  the  blanks  in  U.S. 
knowledge  and  to  support  strategic  operational  planning  to  exploit  foreign  intelligence  vulnerabilities. 

It  is  the  clear  objective  of  the  National  Counterintelligence  Strategy  that  the  United  States  should  never 
again  have  to  deal  with  the  intelligence  services  of  another  hostile  country  from  a  position  of  near  ignorance. 
The  challenge  is  to  develop  a  common  operating  picture  and  operational  insights  into  the  target  services,  as 
well  as  plans  and  capabilities  to  degrade  them  as  our  national  security  requirements  dictate.  The  benefits  will 
be  many:  in  wartime,  we  will  be  ready,  and  in  peacetime,  we  gain  advantage  to  protect  lives,  shape  threats, 
defuse  dangers,  provide  insight  into  warning  of  war,  and  protect  our  national  security  secrets. 

Protect  Critical  Defense  Technology.  The  National  Counterintelligence  Strategy  directs  that  U.S. 
counterintelligence  help  protect  the  vital  technology  secrets  that  are  the  bedrock  of  our  strategic  security. 
America’s  deterrence  and  defense  have  long  depended  on  strategic  secrets:  the  locations  of  our  hidden 
retaliatory  forces,  the  codes  by  which  we  protect  our  military  and  diplomatic  communications,  the  intel¬ 
ligence  sources  and  methods  that  give  us  warning  and  permit  us  to  understand  the  threats  and  opportuni¬ 
ties  we  face,  and  the  sensitive  technologies  that  give  us  military  and  commercial  advantage.  The  United 
States  cannot  maintain  its  dynamic  technological  superiority  without  a  corresponding  counterintelligence 
superiority. 

A  national  defense  strategy  based  on  “transformation” — the  ability  to  develop  and  incorporate  trans¬ 
formational  capabilities,  technologies,  and  techniques  that  render  adversary  capabilities  obsolete — places 
a  premium  on  the  sensitive  capabilities  and  technologies  that  give  advantage.  The  single  most  effective 
strategy  to  defeat  U.S.  national  defense  plans  to  ensure  superiority  through  transformation  is  to  capture 
those  essential  secrets  in  order  to  incorporate  them  into  adversary  weapons  systems  and  to  develop  coun¬ 
termeasures.  Foreign  militaries  that  acquire  controlled  U.S.  technologies  are  able  to  leapfrog  technological 
barriers  that  would  otherwise  slow  or  even  prevent  the  production  of  more  sophisticated  weapons. 
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Espionage  has  long  proven  the  most  cost-effective  means  of  defeating  U.S.  capabilities.  We  may  spend 
billions  of  dollars  to  develop  a  given  weapons  system,  the  effectiveness  of  which  rests  on  essential  technologi¬ 
cal,  operational,  or  design  secrets  that  give  us  advantage.  If  those  essential  secrets  are  stolen,  both  our  invest¬ 
ments  and  our  advantage  can  be  lost.  The  cost-benefit  ratio  of  espionage  is  sharply  in  the  adversary’s  favor. 

Accordingly,  the  covert  acquisition  of  U.S.  technology  has  long  been  a  goal  of  most  foreign  intel¬ 
ligence  services  as  well  as  other  foreign  entities.  The  insights  Farewell  provided  into  Soviet  technology 
acquisition  operations  indicate  the  level  of  resources  that  adversaries  are  willing  to  commit  to  the  effort. 
Following  in  Russia’s  footsteps,  China  has  acquired  surreptitiously  key  technology  for  its  military  modern¬ 
ization  programs  from  the  United  States.  While  not  alone  in  the  technology  acquisition  business,  China  is 
surely  in  the  top  tier  of  the  most  active  and  effective: 

■  In  the  last  10  years,  China  has  remained  among  the  top  intelligence  threats  because  of  its  strategic 
intent  to  counter  the  United  States,  its  increasingly  sophisticated  capabilities,  and  its  abundant 
opportunities  to  gather  U.S.  data.  China’s  intelligence  interest  in  U.S.  personnel  is  growing,  owing 
to  such  things  as  the  war  in  Iraq,  North  Korean  belligerence,  and  increased  tension  over  Taiwan. 

■  China  maintains  some  of  the  world’s  most  effective  intelligence  services — including  the  Ministry 
of  State  Security  and  the  People’s  Fiberation  Army  Military  Intelligence  and  Technical  Intelligence 
Departments — with  global  reach. 

■  Collection  of  scientific  and  technological  information  has  been  one  of  the  Chinese  intelligence 
services’  top  priorities.  In  recent  years,  China  has  successfully  used  espionage  to  acquire  a  range  of 
sensitive  U.S.  technologies,  including  design  information  on  all  of  the  most  advanced  U.S.  nuclear 
weapons,  missile  design  and  guidance  technology,  electromagnetic  weapons  R&D,  and  space 
launch  capabilities.40 

■  In  addition  to  more  familiar  techniques,  China’s  use  of  nontraditional  intelligence  methods, 
including  an  extensive  network  of  collectors  who  are  not  professional  intelligence  officers,  has 
enabled  it  to  operate  with  less  scrutiny  from  U.S.  counterintelligence. 

The  most  successful  espionage — the  kind  that  goes  undetected — is  all  the  more  effective  because 
what  is  not  known  cannot  be  remedied.  And  the  risks  are  growing.  The  marvels  of  modern  information 
technology  and  microelectronics  have  revolutionized  espionage  tradecraft,  enabling  the  clandestine  extrac¬ 
tion  of  vast  volumes  of  data  in  miniaturized  storage  media  or  across  computer  networks  with  a  keystroke. 

The  Nation  looks  to  counterintelligence  both  to  give  insights  into  the  foreign  intelligence  threats 
against  technologies  vital  to  our  security  and  to  supply  options  to  counter  those  threats.  That  job  requires 
focused  and  creative  Cl  collection  activities,  strategic  analytic  exploitation,  and  coordinated  operational 
discipline.41  But  in  the  absence  of  an  overall  integrating  and  consistent  policy  to  stop  technology  diversion, 
the  work  of  counterintelligence  will  be  only  a  drop  in  a  leaky  bucket. 

It  is  difficult  to  determine  how  much  of  the  theft  of  sensitive  U.S.  technology  and  intellectual  prop¬ 
erty  is  being  directed  by  foreign  governments,  rather  than  self-initiated  by  businessmen,  academics, 
or  scientists  for  purely  commercial  or  scientific  reasons.  Anecdotal  evidence  and  incomplete  statistical 
information  indicate  that  much  trade  secret  and  technology  theft  takes  place  without  direct  intervention 
by  foreign  governments,  although  most  foreign  governments  that  are  involved  do  not  discourage  such 
activity  and  themselves  benefit  from  the  transfers.  Consequently,  protecting  the  U.S.  sensitive  technol¬ 
ogy  base  from  foreign  diversion  is  inherently  a  multifaceted  undertaking,  involving  export  control  laws, 
diplomacy,  international  conventions,  intelligence,  public  education,  demarches,  interdictions,  as  well  as 
counterintelligence. 

U.S.  counterintelligence  has  the  job  of  identifying  those  operations  in  which  a  foreign  intelligence 
hand  is  orchestrating  efforts  to  acquire  sensitive  U.S.  technologies.  However,  the  key  to  protecting  Amer¬ 
ica’s  qualitative  defense  advantage  is  to  draw  upon  all  the  tools  of  statecraft,  national  policy,  law  enforce¬ 
ment,  and  public  awareness  to  deny  adversary  acquisition  of  essential  technology  secrets.  These  things 
must  be  done  in  concert,  if  they  are  to  succeed,  and  that  is  a  policy  call. 
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Defeat  Foreign  Denial  and  Deception.  Ancient  Biblical  wisdom,  “On  your  own  intelligence  rely  not” 
(Proverbs  3:5),  underpins  the  fourth  strategy  pillar:  U.S.  counterintelligence  shall  safeguard  the  integrity  of 
intelligence  and  identify  and  defeat  foreign  denial,  deception,  and  covert  influence  operations. 

Analysis  of  foreign  denial  and  deception  (D&D)  activities  is  arguably  among  the  most  challenging  of 
intelligence  analytic  disciplines.  Throughout  history,  nations  have  sought  advantage  over  rivals  through  the 
manipulation  of  valued  information.  Such  manipulation  spans  a  spectrum  of  activities  from  the  simple  act  of 
keeping  certain  information  exclusive  or  secret  to  sophisticated  deceptions  that  seek  to  confuse  or  mislead  an 
adversary’s  collection,  analytic,  and  decisionmaking  process.  This  spectrum  includes  denial,  in  which  infor¬ 
mation  is  used  in  a  “defensive”  way  by  keeping  it  both  secret  and  hidden  (where  the  information  gains  further 
advantage  through  exclusivity  and  obscurity),  and  deception,  in  which  information  is  used  in  an  “offensive” 
way  to  mislead  or  confuse  an  adversary  and  which  can  include  the  use  of  both  truthful  and  overt  as  well  as 
false  information  in  such  a  way  as  to  influence  a  rival  nations  perceptions.  The  discovery  and  uncovering  of 
the  first,  and  protection  against  the  second,  are  “the  two  great  purposes  of  intelligence.”42 

While  the  first  key  purpose  of  intelligence — the  identification,  gathering,  and  accurate  interpretation 
of  a  foreign  nations  secret  information  in  order  to  gauge  its  intentions  and  capabilities — is  difficult,  par¬ 
ticularly  where  the  very  existence  of  the  information  is  hidden,  the  other  key  purpose — guarding  against 
deception — is  even  more  challenging.  Deception  analysis  focuses  on  providing  a  type  of  quality  check  on 
the  information  gathered  about  foreign  nations  in  order  to  uncover  the  purposeful  falsehoods  sent  out 
by  nations  seeking  to  gain  advantage.  In  most  cases,  nations  use  denial  and  deception  in  combination, 
further  compounding  the  challenge  to  collectors,  analysts,  and  decisionmakers.  Indeed,  denial  and  decep¬ 
tion  are  inextricably  woven.  Nations  historically — and  currently — have  employed  D&D  as  an  organic 
whole,  therefore  placing  a  premium  on  sophisticated  and  nuanced  all-source  analysis  for  its  detection  and 
understanding. 

The  ever-present  possibility  of  deception  is  “a  dilemma  and  predicament  of  intelligence  work.”43  All 
intelligence  services  practice  deception,  from  the  mundane  practices  of  lying  and  falsifying  documents  to 
elaborate  double  and  triple  agent  operations  to  the  exploitation  of  channels  of  communications  known  to 
be  compromised.  Adversaries  (and  even  friends44)  attempt  to  mislead  U.S.  intelligence  and  sway  decision¬ 
makers.  The  more  they  know  about  U.S.  intelligence,  the  greater  their  chances  for  success. 

Our  political  strength  also  turns  on  protecting  our  institutions  and  alliances  from  covert  influence 
operations  by  foreign  intelligence  services.  Thanks  to  the  information  revolution  and  the  explosion  of 
technology,  the  technical  potential  to  influence  perceptions  is  extensive  and  growing,  as  is  our  susceptibil¬ 
ity  to  such  techniques.  Also  increasing  is  the  number  of  channels  through  which  influence  may  be  exerted, 
through  both  clandestine  intelligence  channels  and  open  sources  of  information. 

Successful  foreign  penetrations,  both  human  and  technical,  have  netted  foreign  intelligence  services 
an  enormous  amount  of  U.S.  classified  information,  enabling  debilitating  countermeasures  to  U.S.  intel¬ 
ligence  collection  and  analysis.  One  of  the  greatest  bargains  in  espionage  history  was  the  Soviet  purchase 
of  the  technical  manual  for  the  KH-1 1  reconnaissance  satellite  from  former  CIA  employee  (now  convicted 
spy)  William  Kampiles  for  a  paltry  $3,000.  As  a  result  of  this  theft  and  other  compromises,  U.S.  intelligence 
must  assume  as  a  matter  of  course  that  overhead  imagery  and  other  technical  collection  will  be  met  by 
D&D  efforts. 

There  is  a  continuing  market  for  these  stolen  U.S.  secrets,  which  can  be  sold  or  bartered  to  third  party 
states  or  terrorist  organizations  that  have  their  own  uses  for  the  information.  The  knowledge  gained  of  U.S. 
intelligence  sources  and  methods — through  spies,  unauthorized  disclosures,  and  even  some  authorized 
disclosures — has  aided  in  extensive  concealment  and  denial  programs  that  increase  our  uncertainty  about 
foreign  capabilities  and  intentions,  and  more  effective  foreign  deception  operations  to  mislead  us.  India’s 
detonation  of  nuclear  explosions  in  1998,  which  came  as  shock  to  U.S.  intelligence,  was  a  prime  example  of 
such  a  successful  effort. 

As  a  result  of  sensitive  knowledge  gained  about  U.S.  intelligence,  many  nations  have  learned  denial 
and  deception  techniques  to  present  a  false  picture  of  reality.  These  foreign  D&D  practices  may  lead  U.S. 
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analysts  to  faulty  judgments,  when  vital  information  has  not  been  collected,  or  when  deception  distorts 
understanding.  The  danger  is  that  useless  or  deceptive  information — whether  from  human  or  technical 
collection — may  be  integrated  into  U.S.  intelligence  and  disseminated  to  policymakers,  weapons  designers, 
warfighters,  and  even  the  warning  community  as  if  it  were  true.45 

Modern  technology  compounds  the  avenues  for  deception,  but  the  problem  is  one  that  was  known  to 
the  ancients.  The  notion  that  “all  warfare  is  based  on  deception”  dates  from  the  6th-century  BCE  writings  of 
Sun  Tzu,  who  devotes  the  closing  pages  of  The  Art  of  War  to  the  classes  and  value  of  spies,  how  to  convert 
enemy  spies  to  one’s  own  service,  and  how  to  use  “doomed  spies”  as  double  agents  “to  carry  false  tidings 
to  the  enemy.”  He  tempers  these  instructions  to  the  successful  general  with  the  strong  caution  that  the  use 
of  spies  to  deceive  and  mislead  is  a  two-way  street,  and  that  “without  subtle  ingenuity  of  mind,  one  can¬ 
not  make  certain  of  the  truth  of  their  reports.”  It  is  the  enduring  job  of  counterintelligence  collection  and 
analysis  to  supply  that  “subtle  ingenuity”  to  protect  and  validate  U.S.  intelligence,  and  in  so  doing  to  reveal 
otherwise  unseen  strengths  and  weaknesses  and  threats  that  adversaries  pose. 

Level  the  Economic  Playing  Field.  U.S.  companies  are  competing  in  an  increasingly  challenging 
global  market  and  occasionally  against  foreign  competitors  who  may  have  an  unfair  advantage  at  their  dis¬ 
posal:  the  hidden  resources  of  their  governments.  Of  particular  concern,  when  it  comes  to  commercially 
valuable  financial  and  technical  information,  private  American  firms  may  find  themselves  competing  not 
only  with  other  companies  but  also,  on  occasion,  against  foreign  intelligence  services.  For  example,  Pierre 
Bousquet  de  Florian,  chief  of  Frances  internal  security  service,  openly  declared  at  the  end  of  2003  that 
business  intelligence  was  a  major  priority,  along  with  the  fight  against  terrorism.  Other  states  may  be  less 
candid  but  even  more  aggressive.  The  National  Counterintelligence  Strategy  directs  that  U.S.  counterintel¬ 
ligence  work  expose  these  foreign  intelligence  practices  in  order  to  help  ensure  a  level  economic  playing 
field  for  U.S.  business  and  industry. 

The  protection  of  American  strategic  information  and  technology,  including  the  proprietary  com¬ 
mercial  information  that  brings  competitive  advantage,  has  long  been  an  element  of  the  Nations  security, 
head  responsibility  for  that  job  falls  to  the  private  sector  owners  of  that  information  and  technology,  but 
government  also  has  a  role  to  play,  and  U.S.  counterintelligence  has  a  job  to  do. 

As  a  first  and  obvious  step,  government  can  provide  information  about  the  threat,  to  the  extent  that 
intelligence  is  available  and  can  be  confidently  shared.  Of  course,  information-sharing  is  a  two-way  street. 
The  most  immediate  tip-offs  to  foreign  economic  espionage  activities  usually  come  from  such  things  as 
industrial  plant  incident  reports,  overly  inquisitive  foreign  merchants  at  international  trade  shows,  or  the 
experiences  of  businessmen  who  return  to  their  hotel  room  to  find  their  laptop  missing  along  with  the 
proprietary  data  on  its  hard  drive.  The  commercial  sector’s  willingness  to  share  such  information  with  the 
government  depends  in  turn  on  its  confidence  that  the  government  is  able  to  protect  commercially  sensi¬ 
tive  data  and  that  the  information  provided  will  be  put  to  good  use. 

The  intimate  interplay  of  security  and  counterintelligence  in  managing  risk  underscores  the  impor¬ 
tance  of  a  close  government-industry  relationship.  U.S.  counterintelligence  has  the  job  of  identifying  for¬ 
eign  intelligence  operations,  including  the  way  foreign  governments  may  use  intelligence  resources  to  gain 
commercial  advantage.  But  it  is  up  to  business  and  industry  to  decide  how  to  protect  themselves  against 
these  potential  threats.  No  enterprise  can  be  completely  secure,  so  U.S.  business  and  industry  will  always 
face  some  level  of  risk;  deciding  how  to  manage  that  risk  to  carry  out  operations  effectively  is  the  real  secu¬ 
rity  challenge.  In  that  effort,  counterintelligence  and  security  cannot  be  afterthoughts  imposed  on  corpo¬ 
rate  R&D  personnel,  businessmen,  or  mid-level  managers.  Heightened  awareness  and  intelligent  security 
practices  that  protect  the  valuable  secrets  of  the  corporation  are  the  best  guarantors  of  success  against  the 
foreign  intelligence  threat. 

The  U.S.  Government,  and  particularly  the  Department  of  Homeland  Security,  has  a  concerted  effort 
under  way  to  ensure  the  availability  and  accessibility  of  essential  threat  information  to  critical  infrastruc¬ 
ture  owners  and  operators,  as  well  as  state  and  local  authorities  responsible  for  security  and  other  protec¬ 
tive  measures  against  terrorist  threats.  While  the  government’s  principal  focus  must  remain  the  terrorist 
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threat,  there  is  also  room  to  enhance  outreach  to  the  private  sector  to  increase  awareness  of  the  economic 
intelligence  threat  facing  the  Nation  as  a  whole.  In  particular,  U.S.  counterintelligence  can  provide  threat 
information  and  help  educate  the  science  and  technology  community  to  the  variety  of  ways  foreign  adver¬ 
saries  may  employ  intelligence  techniques  to  steal  information. 

Inform  National  Security  Decisionmaking.  The  National  Counterintelligence  Strategy  directs  that 
the  national  security  decisionmaking  process  be  informed  by  the  particular  insights  that  counterintel¬ 
ligence  can  provide.  For  example,  it  is  no  secret  that  Syrian  intelligence  and  security  services  are  integral 
to  President  Bashar  Assad’s  power.  As  our  national  security  leadership  considers  how  to  deal  with  Syria,  it 
might  be  helpful  to  explore  the  following  questions: 

■  What  would  cause  those  services  to  withdraw  their  support  for  Assad? 

■  Is  there  a  residual  Syrian  intelligence  capability  in  Lebanon,  left  behind  in  the  wake  of  the  with¬ 
drawal  of  Syrian  troops?  If  so,  what  role  is  it  playing,  and  how  does  it  interact  with  Hezbollah? 

■  Is  Syrian  intelligence  involved  in  supporting  other  terrorist  groups?  If  so,  which  ones  and  how? 

■  Is  Syrian  intelligence  supporting  insurgency  operations  in  Iraq?  If  so,  who  specifically  is  responsible? 

■  What  is  the  level  and  nature  of  Syrian  intelligence  cooperation  with  Iran? 

■  Does  Syria  conduct  clandestine  operations  in  Europe  or  in  the  United  States? 

For  the  future,  the  President  is  looking  to  the  Director  of  National  Intelligence,  the  National  Counterintel¬ 
ligence  Executive  (NCIX),  and  the  Cl  community  to  be  ready  to  answer  questions  such  as  these. 

As  a  new  guest  at  the  policy  table,  counterintelligence  should  be  prepared  to  present  an  array  of  stra¬ 
tegic  Cl  insights  and  operational  options  in  foreign  and  defense  policy  for  the  President  and  his  national 
security  leadership  team.  The  tasking  or  operations  of  foreign  intelligence  services  as  a  tool  to  achieve 
adversary  objectives  are  of  no  small  interest  to  national  security  policymakers  in  understanding  and 
addressing  this  “secret  war”  dimension  of  foreign  power.  In  turn,  U.S.  counterintelligence  must  look  to  the 
policy  leadership  to  prioritize  the  questions  and  objectives  that  will  drive  the  allocation  of  Cl  collection, 
analysis,  and  operations. 

Build  a  National  Counterintelligence  System.  The  final  pillar  calls  on  the  departments  and  agencies 
with  Cl  responsibilities  to  design  and  equip  the  new  elements,  plans,  and  processes  necessary  to  execute 
the  National  Counterintelligence  Strategy — in  effect,  to  turn  the  vision  of  what  needs  to  be  done  into  the 
reality  of  what  we  can  do.  And  therein  lies  the  real  challenge.  As  the  reader  may  conclude  from  the  sum¬ 
mary  above,  the  National  Counterintelligence  Strategy  is  a  prescriptive  narrative  of  how  counterintelli¬ 
gence  should  support  national  security  strategy.  The  question  is,  why  does  it  not  work  that  way  now? 

Bringing  a  Strategic  Approach  to  U.S.  Counterintelligence 

In  explaining  why  he  thinks  Americans  do  not  do  strategy  very  well,  Edward  Luttwak  observed  that, 
as  a  nation,  our  strengths  generally  lie  elsewhere: 

Americans  are  pragmatic  problem  solvers  rather  than  systemic  or  long  range  thinkers.  Our  whole  experi¬ 
ence  tells  us  that  it  is  best  to  narrow  down  complicated  matters  so  as  to  isolate  the  practical  problem  at 
hand,  and  then  to  get  on  with  finding  a  solution.  Strategy  by  contrast  is  the  one  practical  pursuit  that 
requires  a  contrary  method:  to  connect  the  diverse  issues  into  a  systematic  pattern  of  things;  then  to  craft 
plans — often  long  range — for  dealing  with  the  whole.46 

Similarly,  personal  experience  suggests  that  America’s  FBI  agents,  or  our  military  investigators,  or  our 
case  officers  at  CIA,  do  not  readily  appreciate  the  relevance  of  big-picture  national  strategy  to  their  daily 
work.  The  training  and  mental  discipline  needed  to  master  the  specifics  of  a  case,  the  voluminous  details 
of  an  investigation,  the  intricacies  surrounding  an  asset’s  recruitment,  handling,  and  reporting,  all  focus  on 
the  practical  objective  at  hand.  The  Cl  professional’s  caseload  is  developed,  assigned,  and  managed  within 
the  well-established  channels  and  authorities  of  the  cognizant  agency,  and  his  or  her  performance  is  evalu¬ 
ated  by  their  exacting  standards. 
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But  U.S.  adversaries  do  not  target  an  FBI  field  office,  or  a  CIA  station,  or  a  military  unit.  They  target 
the  United  States.  In  other  words,  while  the  foreign  intelligence  threat  is  strategic,  the  history  of  U.S.  coun¬ 
terintelligence  has  been  one  of  dividing  responsibilities  in  order  to  be  able  to  address  foreign  intelligence 
threats  pragmatically,  rather  than  dealing  with  the  strategic  whole. 

A  History  of  Fragmentation 

When  the  U.S.  Intelligence  Community  was  organized  in  1947,  it  was  clear  from  the  start  that  a  single 
leader  was  essential  to  bring  coherence  to  its  many  components  so  the  enterprise  could  be  responsive  to 
national  direction  and  national  security  needs.  The  Director  of  Central  Intelligence  was  created  to  provide 
that  leadership,  and  recent  law  has  strengthened  and  expanded  the  post  to  the  new  position  of  Director  of 
National  Intelligence. 

By  contrast,  until  very  recently,  the  U.S.  Government  did  not  take  a  strategic  view  of  counterintel¬ 
ligence.  Its  60-year  history  has  been  one  of  having  no  one  in  charge  of  the  enterprise.  Counterintelligence 
had  no  central  leadership  because  it  was  seen  not  as  a  cohesive  undertaking,  but  rather  as  a  complicated 
set  of  threat-driven  pragmatic  activities,  each  of  which  was  measured  on  its  own  terms,  not  by  its  contribu¬ 
tions  to  a  larger  whole. 

The  measures  of  effectiveness  in  counterintelligence — and  in  personal  advancement  in  the  profes¬ 
sion — have  been  delimited  by  individual  cases.  Did  we  catch  the  spy?  Did  we  find  the  microphones  embed¬ 
ded  in  the  Embassy  walls?  Did  we  discover  the  true  owners  of  the  front  company  engaged  in  technology 
diversion?  Such  successes  are  good  things  that  can  make  for  fabulous  stories  revealing  flashes  of  brilliance, 
creativity,  and  daring,  and  heralding  some  true  legends  in  the  business. 

Far  rarer  is  the  case  in  which  the  operational  possibilities  of  ongoing  investigations,  the  access  of  a 
given  penetration,  or  a  double  agent  tasking  have  been  fitted  against  a  larger  tapestry  of  the  adversary’s 
strategic  purpose  to  inform  a  Cl  plan  for  dealing  with  the  whole.  The  system  is  not  wired  to  work  that  way. 

Historically,  the  Cl  community  was  not  organized  or  structured  to  accomplish  a  central  national  mis¬ 
sion;  rather,  its  various  elements  have  grown  out  of  individual  department  or  agency  responsibilities,  with 
operational  authority  split  in  gross  terms  between  the  needs  of  domestic  security  against  foreign  agents 
(FBI),  and  the  operational  needs  of  intelligence  collection  (CIA)  and  military  actions  in  the  field.47 

Federal  Bureau  of  Investigation.  The  FBI  became  America’s  leading  Cl  agency  as  a  result  of  the 
cumulative  series  of  authorities,  responsibilities,  and  skills  that  it  acquired  in  response  to  changing  national 
needs  over  the  course  of  the  last  90  years.  The  Nation  has  turned  to  the  investigative  resources  of  the  FBI  to 
deal  with  saboteurs,  to  find  and  prosecute  spies,  and  to  collect  intelligence,  both  domestically  and  abroad. 
This  long  and  episodic  history  is  both  a  blessing  and  a  curse.  It  has  given  the  Bureau  the  premier  standing 
it  has  today  among  the  Nation’s  Cl  agencies,  while  also  straining  its  ability  to  keep  pace  with  expectations. 

When  German  saboteurs  began  operating  within  the  United  States  during  World  War  I,  there  were  no 
laws  against  domestic  espionage  or  sabotage  and  no  lead  agency  for  domestic  security.  One  contemporaneous 
report  counted  43  suspicious  fires  or  explosions  at  war  materiel  plants  from  1915  to  1917,  bombs  on  nearly  50 
U.S.  ships  carrying  supplies  to  the  Allies,  and  hundreds  of  lives  lost  to  German  agents  who  had  infiltrated  the 
United  States.48  The  country  turned  to  Federal  law  enforcement  to  investigate  and  stop  the  saboteurs. 

Upon  America’s  entry  into  the  Great  War,  Congress  passed  the  Espionage  Act  and  assigned  its  enforce¬ 
ment  to  the  400-member  Bureau  of  Investigation  in  the  Justice  Department — the  precursor  of  the  FBI.  In 
the  mid- 1930s  (when  Charles  Burton  Marshall  was  fresh  out  of  college),  President  Franklin  Roosevelt, 
prompted  by  concern  over  the  growth  of  domestic  movements  supporting  communism  and  fascism, 
secretly  expanded  the  FBI’s  jurisdiction  over  domestic  intelligence.  Throughout  World  War  II,  the  Bureau 
concentrated  on  Axis  espionage  threats  within  the  United  States  as  well  as  Nazi  intelligence  operations 
throughout  Latin  America.  When  the  structure  of  the  Intelligence  Community  was  formalized  in  1947, 
the  FBI’s  20-plus-year  history  in  domestic  security  (intelligence,  countersabotage,  and  counterespionage) 
resulted  in  its  de  facto  assignment  as  lead  agency  for  counterintelligence  (which  was  defined  as  including 
all  of  these  things). 
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Since  then,  the  FBI  has  evolved  through  several  distinct  stages  in  the  execution  of  its  Cl  mission.49 
From  at  least  the  1960s  through  the  early  1980s,  every  agent  in  the  National  Security  Division,  where  Cl 
responsibilities  are  lodged,  knew  that  his  central  job  was  to  recruit  KGB  personnel.  At  that  period  in  the 
Nations  history,  a  clearly  defined  adversary  eclipsed  all  other  intelligence  threats,  and  there  was  a  cor¬ 
respondingly  clear  mission  to  penetrate  that  threat.  The  FBI  also  conducted  Cl  operations  against  known 
and  suspected  intelligence  activities  of  a  classified  list  of  so-called  criteria  countries,  namely  the  commu¬ 
nist  nations. 

With  the  issuance  of  Executive  Order  12333,  “United  States  Intelligence  Activities,”  in  1981, 50  the  FBI 
was  explicitly  directed  to  conduct  and  coordinate  all  Cl  activities  within  the  United  States.  As  a  result,  in 
the  ensuing  years  of  the  Reagan  administration,  Cl’s  share  of  the  Bureau’s  resources  increased  from  about 
10  percent  of  the  agent  workforce  up  to  nearly  a  quarter.  The  FBI’s  central  strategic  focus  shifted  to  coun¬ 
terespionage — finding  foreign  penetrations  into  the  U.S.  Government.  The  “Year  of  the  Spy”  in  1985  and 
the  flood  of  espionage  prosecutions  in  the  years  that  followed  were  visible  successes  of  the  FBI’s  work. 

Then,  the  Berlin  Wall  fell,  and  an  abrupt  drawdown  in  resources  occurred  across  the  Intelligence 
Community.  The  National  Security  Division  fell  back  to  the  10  percent  mark  of  the  FBI  workforce,  where 
the  Cl  division  remains  today.  The  old  criteria  country  list  was  overtaken  by  events.  Searching  for  a 
method  of  ordering  Cl  operations  in  a  time  of  multiple  and  uncertain  foreign  intelligence  threats,  the  FBI 
adopted  a  new  National  Security  Threat  List  to  prioritize  its  Cl  work,  which  took  into  account  foreign 
activities  in  the  United  States  as  well  as  a  range  of  things  of  strategic  importance  to  the  country’s  security 
and  economic  well-being. 

The  Nation  was  hit  by  the  first  World  Trade  Center  attack  in  1993,  followed  by  the  deadly  bombing  in 
Oklahoma  City  in  1995.  For  the  FBI,  these  shocks  meant  an  influx  of  funding  to  combat  terrorist  threats, 
as  well  as  new  demands  on  leadership  attention  and  expectations  for  Bureau  performance. 

Then  came  September  11,  and  in  its  wake  came  the  creation  of  a  new  National  Security  Branch  at  the 
FBI,  dominated  by  the  counterterrorism  mission.  As  a  result  of  new  national  priorities,  the  non-terrorist- 
related  Cl  programs  have  become  a  reduced  collateral  mission,  focused  largely  again  on  counterespionage. 

Despite  recent  changes,  the  FBI  remains  first  and  foremost  a  law  enforcement  agency,  responsible  for 
investigating  violations  of  Federal  criminal  statutes,  including  the  Espionage  Laws.51  Much  of  its  counterintel¬ 
ligence  expertise  is  derived  from  the  techniques  and  training  required  for  such  criminal  investigations.  Ask 
any  FBI  agent  working  counterintelligence,  “Are  you  principally  an  intelligence  officer  or  a  law  enforcement 
officer?”  You  will  get  the  same  answer  every  time.  The  identity  that  (properly)  comes  with  carrying  a  badge 
and  a  gun  also  orders  the  FBI’s  core  orientation  and  product  line.  But  there  is  no  question  that  the  Bureau’s 
responsibilities  have  evolved  from  a  relatively  narrow  counterespionage  focus  to  those  of  a  full-scope  counter¬ 
intelligence  service  for  virtually  all  foreign  intelligence  activities  occurring  within  the  United  States. 

Central  Intelligence  Agency.  The  history  of  U.S.  counterintelligence  abroad  is  far  different.  Follow¬ 
ing  a  2-year  interregnum  after  the  disestablishment  of  the  OSS,  the  newly  created  CIA  inherited  several 
components  largely  intact  from  their  predecessor:  a  research  and  analysis  function;  a  covert  action  staff; 
a  clandestine  HUMINT  arm  (originally  known  as  the  Directorate  of  Plans,  later  Operations);  and  a  sepa¬ 
rate  counterintelligence  staff  (known  as  X-2  within  OSS)  within  the  Directorate  of  Operations  (DO).  The 
focus  of  this  Cl  staff  was  the  conduct  of  certain  Cl  operations  and  Cl  review  of  DO  operations.  Other  than 
to  include  counterintelligence  as  part  of  its  definition  of  intelligence  (foreign  intelligence  being  the  other 
component)  and  to  exclude  the  Cl  activities  of  the  FBI  from  its  definition  of  national  intelligence,  the 
National  Security  Act,  which  established  the  CIA,  gave  no  particular  Cl  responsibilities  to  the  agency.52 

Against  the  backdrop  of  the  Cold  War  and  the  activities  of  the  KGB,  counterintelligence  developed 
within  the  CIA  largely  as  a  component  designed  to  protect  offensive  clandestine  operations  from  compro¬ 
mise.  In  1974,  a  complicated  20-year  history  of  conceptual,  bureaucratic,  personal,  and  ideological  struggles 
within  the  DO  culminated  in  a  purge  of  the  Cl  staff  following  public  revelations  of  CIA  improprieties.  These 
events  led  directly  to  the  2-year-long  session  of  congressional  inquiries  by  the  Church  and  Pike  Committees 
and  an  extended  public  spectacle  of  further  revelations  of  wrongdoing.  In  the  ensuing  years,  the  Agency  effec¬ 
tively  withdrew  from  even  its  narrow  Cl  mission  and  has  been  on  a  long  road  to  recovery.53  The  revelation 
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of  Aldrich  Ames’  devastating  betrayals  in  the  service  of  the  Russians  sparked  a  painful  reappraisal  of  CIA’s 
counterespionage  capabilities  and  the  establishment  of  a  dedicated  senior  Cl  office  within  the  director’s  suite. 
That  position  was  abolished  in  the  latest  reorganization,  which  assigned  Cl  responsibilities  to  a  staff  element 
within  the  new  National  Clandestine  Service,  whose  duties  are  yet  to  be  fully  defined. 

The  essential  point  is  this:  CIA  was  not  directed  and  did  not  attempt  to  create  a  worldwide  Cl  service 
designed  to  detect,  analyze,  and  counter  all  foreign  intelligence  operations  abroad  that  were  directed  at  the 
United  States  and  its  interests.  Far  from  being  a  partner  with  the  FBI  to  build  a  global  perspective  on  the 
operations  of  foreign  intelligence  services,  the  CIA  has  interpreted  its  Cl  job  as  confined  to  protecting  its 
own  house  and  mission.  During  the  Cold  War,  the  DO  correctly  understood  one  of  its  primary  tasks,  the 
clandestine  penetration  of  the  KGB,  to  be  an  important  contribution  to  the  overall,  but  generally  unde¬ 
fined,  national  U.S.  Cl  mission.  But  the  Agency  has  never  seen  itself  with  a  comprehensive  overseas  Cl 
mission  corresponding  to  the  mission  that  evolved  for  the  FBI  domestically. 

Department  of  Defense.  War  planners  understand  the  necessity  of  neutralizing  the  intelligence  capabili¬ 
ties  of  the  adversary.  As  General  George  Washington  famously  said,  “There  is  one  evil  I  dread  and  that  is  their 
spies.”  Accordingly,  counterintelligence  as  a  military  mission  has  long  been  counted  among  the  war  arts. 

But  in  peacetime,  counterintelligence  (including  counterespionage)  at  the  Department  of  Defense 
(DOD)  is  grounded  in  the  larger  force  protection  mission  of  the  military  services.  Each  of  the  Services 
charters  and  organizes  its  relatively  narrow  counterintelligence  efforts  substantially  differently  accord¬ 
ing  to  Service  requirements.  The  Army  combines  its  counterintelligence  function  with  those  of  human 
and  signals  intelligence  under  the  Assistant  Chief  of  Staff  for  Intelligence.  Its  Cl  officers  have  no  crimi¬ 
nal  jurisdiction.  The  Air  Force  and  Navy,  on  the  other  hand,  keep  counterintelligence  separate  from 
their  intelligence  functions  and  combine  Cl  duties  with  criminal  investigation.  The  Air  Force  compo¬ 
nent  (the  Office  of  Special  Investigations)  reports  to  the  Air  Force  Inspector  General,  while  the  Navy 
Criminal  Investigative  Service  is  a  separate  command  within  the  Navy  Department.54  As  is  common  to 
other  functions  within  the  hierarchical  DOD  organization,  each  combatant  commander  also  has  a  Cl 
staff  element,  while  the  Services  organize,  train,  and  equip  their  Cl  components  assigned  to  support  the 
combatant  commands. 

With  each  of  the  Service  components  attending  to  its  own  needs,  no  entity  was  charged  with  the  Cl 
concerns  of  the  many  independent  defense  agencies,  activities,  and  non-Service  personnel,  nor  was  there 
an  entity  that  could  bring  a  cross-cutting,  strategic  perspective  commensurate  with  the  size  and  impor¬ 
tance  of  DOD  assets  as  targets  for  foreign  intelligence  collection  and  manipulation.  To  begin  to  redress  this 
deficiency,  the  Counterintelligence  Field  Activity  (CIFA)  was  established  in  2002  within  the  Office  of  the 
Secretary  of  Defense  to  develop  and  manage  all  DOD  Cl  programs  and  to  serve  as  the  central  coordination 
point  for  Cl  policy  and  budget  matters  within  the  Department.  CIFA’s  charter,  however,  does  not  confer 
any  authority  to  conduct  operations  or  investigations,  and  CIFA  is  still  enduring  the  growing  pains  of  a 
new  umbrella  organization  trying  to  establish  its  responsibilities  at  home  and  abroad  and  to  impose  order 
over  formerly  (and  still  mostly)  independent  entities  with  long  histories. 

Although  DOD  owns  or  controls  most  of  the  secrets  worth  stealing,  it  does  not  command  the 
resources  necessary  to  counter  foreign  intelligence  operations  directed  against  those  secrets.  Nor  does  it 
have  the  authority  to  take  on  that  mission  alone.  Executive  Order  12333  requires  that  DOD  coordinate  its 
Cl  operations  abroad  and  at  home  with  the  agencies  that  have  lead  Cl  responsibility  in  those  domains — CIA 
and  FBI,  respectively.  Nor  does  the  Reagan-era  Executive  order  assign  DOD  or  any  of  its  sister  agencies  the 
duty  of  forging  an  integrated  Cl  mission  to  protect  the  United  States  against  foreign  intelligence  threats. 

What’s  Wrong  with  This  Picture ?  The  problem  is  straightforward.  Historically,  the  Nation’s  Cl  capa¬ 
bilities  have  grown  from  the  bottom  up  rather  than  being  planned  from  the  top  down.  As  a  result,  U.S. 
counterintelligence  consists  of  five  operating  arms  that  are  a  loose  confederation  of  independent  organiza¬ 
tions  with  other  and  varying  responsibilities,  jurisdictions,  and  capabilities.  Their  operations  have  tended 
to  focus  on  individual  cases,  with  little  appreciation  of  the  potential  impact  of  a  synergistic  effort.  While 
bilateral  interaction  between  sister  agencies  has  increased  in  recent  years  and  especially  in  the  wake  of  Sep¬ 
tember  11,  taken  together  those  contacts  do  not  begin  to  equal  a  cohesive,  integrated  whole. 
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It  is  not  a  question  of  needing  better  management  over  U.S.  counterintelligence.  Rather,  it  is  a  basic 
design  flaw  in  U.S.  counterintelligence,  in  which  the  whole  is  less  than  the  sum  of  its  parts.  Individual  Cl 
collectors,  investigators,  operators,  analysts,  and  support  personnel  can  and  do  perform  extraordinarily 
well,  but  taken  as  a  whole,  their  efforts  fall  far  short  of  potential  and  need.  Individual  agents,  investigators, 
or  intelligence  officers  can  be  very  proactive  and  exercise  great  initiative  and  creativity,  and  yet  the  sum  of 
what  they  do  will  not  bring  us  a  strategic  offensive  gain  against  foreign  intelligence  threats  unless  orches¬ 
trated  to  a  common  purpose. 

Without  an  overarching  national  Cl  mission  to  prioritize  threat  and  articulate  goals  and  objectives,  or 
a  national  mission  manager  to  program,  conserve,  and  orchestrate  Cl  activities,  the  operational  elements 
have  been  left  to  manage  their  work  product  to  serve  their  individual  ends,  creating  inherent  seams  that 
invite  foreign  exploitation.  Many  of  the  counterintelligence  deficiencies  that  have  cost  us  so  dearly  have 
been  the  result  of  this  systemic  failure  in  the  architecture  of  U.S.  counterintelligence. 

A  New  Architecture  for  U.S.  Counterintelligence 

Even  before  the  September  1 1  attacks,  U.S.  counterintelligence  was  in  a  period  of  transformational 
change  as  a  result  of  the  dramatic  Cl  lapses  of  the  last  15  years — a  long  series  of  devastating  espionage 
cases  that  have  continued  to  the  present  (see  figure  2).  Some  of  the  damage  done  by  these  traitors  can  be 
attributed  to  protective  security  vulnerabilities  that  they  were  able  to  exploit.  But  these  losses  also  represent 
a  strategic  failure  of  our  nation’s  Cl  capabilities. 

Many  of  the  antecedents  to  this  strategic  Cl  failure  reflect  the  same  kinds  of  gaps  and  deficiencies 
identified  in  the  post-9/11  review  of  U.S.  intelligence  failures.  In  particular,  the  FBI  and  the  rest  of  the  Cl 
community  have  been  criticized  repeatedly  for  failing  to  collect  useful  intelligence,  to  analyze  strategic 
intelligence,  and  to  share  intelligence  internally  and  with  other  members  of  the  Intelligence  Community. 
Since  the  FBI  is  the  lead  counterintelligence  organization  in  the  U.S.  Government  by  law  and  Executive 
order,  its  performance  of  the  national  Cl  mission  has  fallen  under  particular  scrutiny. 


Figure  2.  Damage  from  Espionage 


Over  118  persons  have  been  indicted  or  prosecuted  for  espionage-related 
offensives  since  1974,  and  caused  untold  damage  to  U.S.  national  security. 

Here  is  a  tiny  sampling: 


■  Conrad  ring  operated  throughout  the  1970s  and  into  the 
1980s.  Provided  East  Germany  details  of  U.S.  war  plans 
in  Europe 

■  18-year  long  Walker-Whitworth  ring  supplied  crypto 
key  access  to  U.S.  Navy  communications  (submarine 
locations,  convoy  routing)  to  Russia 

■  CIA  officer  Aldrich  Ames  spied  for  Russia  for  9  years; 
compromised  the  identities  of  virtually  all  CIA  and  FBI 
human  sources,  many  of  whom  were  executed  by  the 
Soviets 

■  Army  noncommisioned  officers  James  Hall  and  David 
Boone  passed  Russia  detailed  data  on  national  technical 
collection  capabilities 

■  FBI  special  agent  Robert  Hanssen  spied  for  Russia  for 


21  years,  suppying  highly  sensitive  national  leadership 
plans  and  total  insight  into  the  FBI's  Cl  capabilities 

■  During  the  17  years  she  spied  for  Havana,  Ana  Montes 
became  the  Defense  Intelligence  Agency's  lead  analyst 
for  Cuba;  compromised  all  Cuban-focused  collection 
programs,  including  compartmented  activities  of  broader 
import 

■  By  unknown  hands,  China  acquired  U.S.  nuclear 
warhead  designs,  enabling  them  to  skip  ahead  by  entire 
generations 

■  Recent  investigations  into  other  suspected  Chinese 
penetrations  into  U.S.  Government  intelligence 
operations  suggest  there  are  even  more  disturbing 
revelations  to  come 


Note:  See  database  of  U.S.  persons  prosecuted  for  espionage  or  related  offenses  maintained  by  the  DOD  Defense  Personnel  Security  Service,  Espionage 
Cases  1975-2004  (Monterey,  CA:  Government  Printing  Office,  2002),  and  forthcoming  updates  at  <http://www.dss.mil/training/espionage/index.htm>. 
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The  latest  dedicated  review  of  the  Nations  Cl  capability  was  constituted  in  the  wake  of  the  Aldrich 
Ames  espionage  case  in  order  to  examine,  once  again,  what  was  wrong  with  U.S.  counterintelligence.  Led 
by  the  National  Security  Council  staff  in  the  Clinton  administration,  the  study,  entitled  “Counterintel¬ 
ligence  for  the  21st  Century”  (CI-21),  determined  that  U.S.  counterintelligence  suffered  from  two  funda¬ 
mental  flaws:  there  was  a  strategic  Cl  mission  that  was  not  being  implemented  at  a  national  level,  and  there 
was  no  attempt  to  coordinate  and  direct  the  resources  of  community  members  strategically  against  foreign 
intelligence  activities  in  the  United  States. 

While  there  was  no  serious  consideration  given  to  removing  the  full-scope  Cl  mission  from  the  FBI, 
the  review  did  result  in  a  series  of  fundamental  changes  to  the  structure  of  U.S.  counterintelligence.  Those 
changes,  originally  captured  in  Presidential  Decision  Directive  75,  and  then  in  the  Counterintelligence 
Enhancement  Act  of  2002,  created  the  National  Counterintelligence  Executive.55 

The  National  Counterintelligence  Executive.  The  central  judgment  of  CI-21  and  the  Counterintelli¬ 
gence  Enhancement  Act  is  clear.  There  is  a  national  Cl  mission  that  is  beyond  the  ability  of  any  individual 
agency  to  fulfill.  This  mission  can  only  be  accomplished  by  ensuring  the  integration  and  strategic  direction 
of  Cl  community  operations  and  resources.  The  law  places  the  responsibility  for  that  coordination  on  the 
National  Counterintelligence  Executive. 

The  NCIX  is  the  statutory  head  of  U.S.  counterintelligence,  subject  to  the  direction  and  control  of  the 
Director  of  National  Intelligence  (DNI).56  This  executive  chairs  the  National  Cl  Policy  Board  and  heads  the 
Office  of  the  NCIX  (ONCIX).  The  statutory  functions  of  that  office  include,  inter  aha,  the  annual  produc¬ 
tion  of  the  national  Cl  strategy,  the  identification  and  prioritization  of  foreign  intelligence  threats,  the  review 
of  all  Cl  budgets  and  programs  against  strategic  objectives,  and  the  evaluation  and  professionalization 
of  community  performance.  The  office  is  also  responsible  for  damage  assessments  of  espionage  cases  and 
other  compromises  of  U.S.  national  security  information. 

When  I  was  appointed  NCIX,  the  job  of  providing  centralized  leadership  and  strategic  guidance  to 
the  U.S.  Cl  community  was  still  new,  as  were  the  intellectual  constructs  necessary  to  provide  that  leader¬ 
ship.57  Conceptually,  we  were  faced  with  three  new  arenas  to  define. 

First,  what  is  the  desired  endstate  for  U.S.  counterintelligence — what  should  national  Cl  be  able  to 
deliver,  and  how  should  it  work  in  a  perfect  world?  To  practitioners,  this  may  sound  like  the  excursions  of 
Ivory  Tower  theorists  detached  from  the  real  world,  but  the  hard  work  of  thinking  through  where  we  want 
to  go  is  far  too  often  neglected  in  government  undertakings.  Having  defined  clear  goals,  we  can  measure 
progress  against  those  goals.  But  if  we  do  not  know  where  we  are  headed,  progress  reports  of  accomplish¬ 
ments  are  not  particularly  helpful.  Within  ONCIX,  and  with  the  help  of  some  talented  senior  advisors,  we 
spent  a  lot  of  time  sketching — and  debating — this  endstate. 

Second,  how  do  we  build  a  national  Cl  system,  as  directed  by  the  National  Counterintelligence  Strat¬ 
egy,  capable  of  executing  the  strategic  Cl  mission?  What  changes  or  additions  do  we  need  in  the  U.S.  Cl 
enterprise — the  many  operational  and  other  component  programs  distributed  across  the  executive  branch 
and  the  personnel  (training,  education,  skill  sets,  and  duties)  who  make  up  our  community?  This  is  an  iter¬ 
ative  process,  requiring  active  engagement  and  creative  contributions  from  across  U.S.  counterintelligence. 
It  is  also  the  first  task  of  the  planning  process  to  implement  the  National  Counterintelligence  Strategy, 
which  was  still  under  way  when  I  left  office.  While  some  modest  steps  have  been  taken,  implementation 
initiatives  to  date  have  not  kept  pace  with  identified  needs,  for  reasons  discussed  below. 

Third,  how  do  we  constitute  an  Office  of  the  NCIX  to  perform  the  national  Cl  mission?58  What  is  the 
value  added  of  the  office  to  the  desired  endstate  of  U.S.  counterintelligence,  and  what  is  its  role  within  the 
national  Cl  system?  Future  incumbents  will  approach  their  responsibilities  in  different  and  doubtless  wiser 
ways.  But  as  I  saw  the  landscape  of  U.S.  counterintelligence,  I  found  that  there  were  a  number  of  elements 
missing  from  the  strategic  Cl  mission,  which  the  new  office  of  the  NCIX  alone  could  supply.  In  my  view,  in 
order  to  lead  the  operational  and  other  components  of  the  U.S.  Cl  community  to  achieve  common  strate¬ 
gic  objectives,  the  ONCIX  must  accomplish  a  four-part  mission: 
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a  supply  the  center  of  expertise  within  the  U.S.  Government  on  the  foreign  intelligence  threats  to  the 
United  States — their  “order  of  battle” — and  serve  as  the  national  customer  to  drive  collection  on 
those  foreign  intelligence  threats 

■  ensure  that  resources  and  programs  across  the  Cl  community  are  developed,  allocated,  and  exe¬ 
cuted  to  support  collection,  analysis,  operations,  and  investigations  against  foreign  intelligence 
targets  as  mandated  by  U.S.  national  security  requirements 

■  direct  integrated  strategic  operational  planning  to  degrade  foreign  intelligence  capabilities  selec¬ 
tively  in  order  to  present  options  to  U.S.  policymakers 

■  perform  strategic  analyses  of  foreign  intelligence  capabilities  to  support  national  security  decision¬ 
makers. 

The  NCIX  is  assigned  the  national  Cl  mission  to  integrate  and  provide  strategic  direction  to  U.S.  Cl 
activities  and  capabilities  in  order  to  identify,  assess,  neutralize,  and  exploit  foreign  intelligence  threats  to 
the  United  States.  There  is  an  important  distinction  between  the  tactical  need  for  good  practices  across  the 
Cl  community  and  the  strategic  needs  of  the  national  Cl  program  and  mission.  The  Cl  practices  that  ensure 
the  security  of  a  given  department  or  agency’s  operations  must  be  left  largely  to  the  discretion  of  the  depart¬ 
ment  or  agency.  By  contrast,  in  order  to  perform  the  national  mission,  the  NCIX  must  be  able  to  coordinate 
the  considerable  resources  of  the  Cl  community  to  achieve  four  objectives:  a  comprehensive  assessment  and 
description  of  intelligence  threats  against  U.S.  interests;  the  effective  and  efficient  allocation  of  community 
resources  against  that  threat;  a  national  Cl  program  to  ensure  the  reliable,  timely,  and  relevant  conduct  of 
counterintelligence  activities;  and  an  array  of  strategic  operational  options  and  insights  regarding  foreign 
intelligence  activities  of  concern  to  the  President  and  his  national  security  leadership. 

These  strategic  needs  of  the  national  mission  are  new  requirements  for  U.S.  counterintelligence.  Each 
of  the  Cl  components  within  the  Federal  Government  has  been  hard  at  work  at  its  assigned  job.  Each  Cl 
component,  with  good  leadership,  can  effect  change  within  its  own  organization.  But  it  is  the  overall  con¬ 
cept  of  the  Nations  Cl  enterprise — its  architecture  and  execution — that  must  change  if  the  Nation  is  to 
have  a  true  strategic  Cl  capability.  One  agency  or  department  acting  alone  is  not  competent  to  do  that.  The 
NCIX,  under  the  DNI,  must  be  empowered  to  lead  the  way. 

Under  the  old  case-driven  business  model  of  counterintelligence,  which  has  given  us  our  current 
fragmented  architecture,  we  are  getting  about  the  best  we  can  expect  out  of  our  Cl  programs.  For  the 
future,  avoiding  strategic  Cl  failure  will  require  more  than  simply  doing  more  of  the  same.  We  must  draw 
on  the  strengths  of  CI’s  legacy  capabilities  but  look  beyond  them  to  where  we  need  to  be.  The  new  strategic 
approach  to  U.S.  counterintelligence  is  within  reach,  but  we  are  not  there  yet. 

Executing  the  Strategic  Counterintelligence  Mission.  The  Commission  on  the  Intelligence  Capabilities 
of  the  United  States  Regarding  Weapons  of  Mass  Destruction  (WMD  Commission),  constituted  to  exam¬ 
ine  U.S.  intelligence  in  the  wake  of  major  failures  in  the  leadup  to  the  war  with  Iraq,  devoted  substantial 
attention  to  the  problems  of  U.S.  counterintelligence.59  Finding  that  “the  United  States  has  not  sufficiently 
responded  to  the  scope  and  scale  of  the  foreign  intelligence  threat,”  the  judgment  of  the  WMD  Commission 
was  unequivocally  in  support  of  building  a  strong  strategic  Cl  capability  and  going  on  the  offense. 

In  particular,  the  WMD  Commission  called  on  the  CIA  to  establish  “a  new  capability”  to 

mount  counterintelligence  activities  outside  the  United  States  aimed  at  recruiting  foreign  sources 
and  conducting  activities  to  deny,  deceive,  and  exploit  foreign  intelligence  targeting  of  U.S.  inter¬ 
ests.  In  short,  the  goal  would  be  for  the  counterintelligence  element  to  track  foreign  intelli¬ 
gence  officers  before  they  land  on  U.S.  soil  or  begin  targeting  U.S.  interests  abroad.  In  doing  so,  the 
new  capability  would  complement  the  Agency’s  existing  defensive  operations,  and  would  provide 
the  Intelligence  Community  with  a  complete  overseas  counterintelligence  capability.60 

CIA  began  to  lay  the  groundwork  for  implementing  this  recommendation  before  Director  Porter 
Goss  left  office.  The  newly  created  National  Clandestine  Service,  under  CIA,  is  ideally  situated  to  deliver, 
for  the  first  time,  a  genuine  Cl  capability  abroad  to  complement  the  FBI’s  responsibilities  at  home.  It 
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remains  uncertain,  however,  whether  plans  for  the  new  external  Cl  cadre  will  survive  in  the  face  of  com¬ 
peting  demands  on  the  service’s  HUMINT  collection  and  other  clandestine  resources. 

More  than  any  other  single  factor,  the  new  strategic  approach  to  counterintelligence  will  succeed  or 
fail  depending  on  the  performance  of  the  FBI  in  shouldering  its  newly  assigned  responsibilities.  While  the 
FBI  is  skilled  at  enforcing  the  espionage  laws,  it  is  not  at  present  organized,  trained,  or  equipped  to  collect 
or  analyze  intelligence  on  the  foreign  intelligence  presence  in  the  United  States  beyond  those  personnel 
here  under  official  or  journalistic  cover.  Nor  can  it  develop  or  execute  offensive  operations  to  mislead, 
deny,  or  otherwise  exploit  foreign  intelligence  activities  against  us.  As  the  Bureau  has  concentrated  on 
improving  its  performance  against  the  terrorist  target,  it  has  drawn  resources  from  counterintelligence 
and  fallen  farther  behind.  Yet  with  1,720  professional  intelligence  analysts,  and  over  12,000  agents  capable 
of  collecting  valuable  information  in  the  field,  the  FBI  is  a  vastly  underutilized  resource  for  countering 
foreign  intelligence  threats  to  the  United  States.  In  line  with  the  WMD  Commissions  recommendations, 
the  consolidation  and  enhanced  professionalization  of  all  of  the  FBI’s  national  security  functions  under  the 
new  National  Security  Service,  and  its  effective  integration  into  the  Intelligence  Community,  will  be  key  to 
the  Bureau’s  ability  to  deliver  a  Cl  capability  equal  to  the  modern  threat  environment.61  As  both  the  9/11 
Commission  and  the  WMD  Commission  cautioned,  “In  the  past  the  Bureau  has  announced  its  willingness 
to  reform  and  restructure  itself  to  address  transnational  security  threats,  but  has  fallen  short — failing  to 
effect  the  necessary  institutional  and  cultural  changes  organization-wide.”62  The  jury  is  still  out  on  whether 
this  time  will  be  different. 

The  CIA,  FBI,  and  military  Services  are  working  in  their  separate  channels  to  address  different  aspects 
of  the  foreign  intelligence  threat  with  some  important  linkages  between  them,  but  each  continues  jealously 
to  guard  its  individual  insights  and  operations,  reserving  the  right  to  hold  them  apart  from  national  level 
cognizance,  much  less  guidance.  The  job  of  the  NCIX  cannot  be  done  so  long  as  there  is  a  gap  between  the 
office  of  the  executive  and  the  executing  agencies  of  the  U.S.  Government.  After  serving  nearly  3  years  as 
NCIX,  I  know  there  are  many  excellent  professionals  in  the  ranks  of  U.S.  counterintelligence  who  under¬ 
stand  and  support  the  need  for  a  strategic  Cl  capability  and  stand  prepared  to  shoulder  the  new  responsi¬ 
bilities  necessary  to  succeed.  But  there  are  many  others  within  U.S.  counterintelligence  and  elsewhere  in  key 
positions  within  the  Intelligence  Community  who  appear  far  less  enthusiastic  about  the  mission. 

The  Intelligence  Community  and  Strategic  Counterintelligence 

The  continuing  absence  of  strategic  integration  and  central  direction  over  U.S.  counterintelligence 
presents  both  opportunities  to  adversaries  to  exploit  the  seams  between  agencies  and  barriers  to  our  exe¬ 
cuting  coherent  operations  against  them.  The  need  for  a  strategic  Cl  capability  is  compelling,  and  the  law 
is  clear  on  how  the  new  architecture  is  to  work  under  the  leadership  of  the  NCIX.  So  what  is  the  problem? 

In  my  experience,  the  difficulties  range  from  rough  spots  familiar  to  anyone  trying  to  effect  change 
in  government,  to  collateral  effects  from  the  current  upheaval  in  U.S.  intelligence,  to  specific  challenges 
unique  to  U.S.  counterintelligence.  Taken  together,  these  problems  present  formidable  obstacles  to  accom¬ 
plishing  the  national  Cl  mission,  but  none  is  insurmountable  provided  the  President’s  national  security 
team,  and  especially  our  Intelligence  Community  leadership,  are  united  in  their  support. 

First,  bureaucracies  are  notoriously  resistant  to  integrating  their  work  with  that  of  other  entities  or 
to  accepting  direction  from  an  outside  organization,  especially  when  they  may  lose  control  over  their  turf. 
This  aversion  is  magnified  when  the  success  of  the  organization  depends  in  large  measure  on  protecting  the 
essential  secrets  of  its  operations.  As  Ray  Cline  recalled  about  the  creation  of  the  CIA,  “The  one  thing  that 
Army,  Navy,  State,  and  the  FBI  agreed  on  was  that  they  did  not  want  a  strong  central  agency  controlling 
their  collection  programs.”63  Similar  agreement  exists  today  among  the  components  of  U.S.  intelligence  and 
counterintelligence  as  they  regard  the  DNI  and  NCIX. 

Counterintelligence  (and  especially  counterespionage)  breeds  an  imperative  to  hold  close  to  informa¬ 
tion  and  to  stay  in  control  of  these  extremely  sensitive  operations  and  investigations.  It  can  be  (and  has 
been)  argued  that  the  sorry  history  of  successful,  longstanding  espionage  carried  out  by  trusted  insiders  is 
an  indictment  of  the  “each  is  responsible  for  its  own  house”  approach  to  counterintelligence.  Nevertheless, 
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bureaucratic  resistance  to  ceding  access  to  sensitive  Cl  information — even  the  limited  information  neces¬ 
sary  to  inform  strategic  direction — remains  fierce. 

Government  components  readily  accept  and  embrace  the  concept  of  strategic  guidance,  provided  no 
one  at  the  national  level  is  looking  over  their  shoulder  on  operations.  The  prevailing  attitude  is,  “Tell  us 
what  needs  to  be  done;  then  stand  back  and  let  us  do  it.”  That  approach  might  work  if  the  national  require¬ 
ments  could  be  met  by  assigning  discrete  responsibilities  for  each  operational  element,  coupled  with  a 
mechanism  for  validating  effectiveness  of  approach  and  results.  But  a  big  part  of  what  is  missing  in  our  Cl 
enterprise  is  the  integration  of  U.S.  counterintelligence  activities,  which  entails  more  than  bilateral  coop¬ 
eration  between  distinct  elements.  The  national  Cl  mission  requires  the  central  orchestration  of  operations 
against  a  strategic  objective,  adding  a  new  dimension  of  rigor  and  purpose  against  which  collection  as  well 
as  investigations  and  other  operations  must  be  measured.  Strategic  orchestration  and  integration  require 
more  hands-on  involvement  of  the  national  level  office  than  simply  issuing  strategic  edicts. 

Second,  it  is  far  easier  for  bureaucracies  to  fall  back  into  their  comfort  zone  than  to  lean  forward  to 
meet  new  demands.  It  is  also  easier  fiscally  to  continue  existing  programs  than  to  end  or  modify  some  of 
them  in  order  to  make  room  for  new  ones.  Instead  of  strategic  consonance,  national  guidance  too  often  is 
answered  with  bureaucratic  storytelling  to  retrofit  existing  programs  against  the  new  strategic  template  and 
passive  resistance  to  step  beyond  such  cosmetic  measures. 

New  national  level  guidance  may  also  be  deflected  by  the  retort  (genuinely  believed  by  many),  “We’re 
already  doing  that.”  Despite  the  searching  critique  of  CI-21,  despite  the  WMD  Commission  indictments 
and  calls  for  change,  despite  the  passage  of  the  Counterintelligence  Enhancement  Act  (or  perhaps  because 
of  these  things),  there  are  still  many  intelligence  and  law  enforcement  professionals  in  the  Cl  business  who 
believe  they  are  already  doing  all  that  can  be  done  against  the  foreign  intelligence  threat.  Perhaps  no  feature 
of  the  National  Counterintelligence  Strategy  or  the  strategic  Cl  mission  has  been  met  with  greater  misun¬ 
derstanding  in  the  community  than  the  imperative  to  go  on  the  offense  against  foreign  intelligence  threats. 

The  foreign  intelligence  service  is  the  hardest  target  to  penetrate.  I  have  heard  senior  Directorate  of 
Operations  officers  disparage  the  admonition  from  the  WMD  Commission  and  NCIX  to  take  on  this  target, 
arguing  that  foreign  intelligence  personnel  are  already  at  or  near  the  top  of  the  DO  targeting  list.  (Clandes¬ 
tine  HUMINT,  of  course,  is  not  the  only  collection  means  of  value  against  foreign  intelligence  operations.) 
But  it  is  one  thing  to  check  the  box  for  recruitment  opportunities,  and  quite  another  to  have  a  top-down, 
strategically  orchestrated  effort  to  disrupt  and  degrade  the  operations  of  a  foreign  intelligence  service. 

I  have  also  heard  senior  FBI  personnel  take  strong  exception  to  the  implied  criticism  that  the  Bureau 
has  not  been  proactive  in  the  execution  of  its  Cl  mission.  To  be  sure,  the  orientation  and  work  ethic  of 
individual  FBI  agents  are  very  proactive  when  it  comes  to  working  individual  cases.  But  there  is  a  vast  dif¬ 
ference  between  the  personal  initiative  exhibited  by  a  law  enforcement  officer  or  a  Cl  field  unit  and  the 
programmatic  strategic  initiative  demanded  of  the  Nation’s  lead  executing  agency  for  Cl. 

Third,  there  are  a  number  of  factors  presently  contributing  to  the  continuing  neglect  of  U.S.  counter¬ 
intelligence  and  the  related  reluctance  among  operational  components  to  take  on  the  new  responsibilities 
of  strategic  Cl: 

■  Homeland  security  and  terrorism  concerns  currently  dominate  national  policy  leadership,  com¬ 
manding  their  attention  and  leaving  less  time  for  other  national  security  issues  deemed  of  less 
urgency,  such  as  other  foreign  intelligence  threats. 

■  The  new  office  of  the  DNI  is  preoccupied  with  the  enormous  task  of  constituting  itself  and  the 
exigencies  of  effecting  changes  across  the  Intelligence  Community.  Against  this  backdrop,  the 
national  counterintelligence  mission  is  assigned  a  lower  priority  than  other  DNI  concerns — a 
point  not  lost  on  the  members  of  the  Intelligence  Community. 

■  The  FBI  is  front  and  center  in  dealing  with  terrorist  threats  within  the  United  States  and  is  con¬ 
centrating  its  effort  on  the  counterterrorist  work  of  its  new  National  Security  Branch.  Having 
narrowly  dodged  calls  for  even  greater  changes,  the  Bureau  is  performing  triage  and  delimiting 
its  Cl  efforts  in  favor  of  attending  to  counterterrorist  investigations.  If  present  personnel  and 
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workload  are  any  guide,  the  Cl  performance  by  the  new  branch  will  be  measured  internally  by  its 
counterespionage  accomplishments,  rather  than  its  performance  of  the  larger  strategic  Cl  mission. 
Time  will  tell  whether  the  national  leadership  (the  President,  the  DNI,  and  Congress)  will  judge 
the  Bureau’s  emphasis  on  counterespionage  as  sufficient. 

■  Faced  with  the  fact  of  the  new  Director  of  National  Intelligence  and  the  loss  of  its  former  status  as 
first  among  equals,  the  CIA  is  uncertain  of  its  own  place  in  the  new  intelligence  order.  It  is  difficult 
to  step  up  to  new  responsibilities  when  the  old  ones  are  in  flux.  Compounding  the  problem,  the 
Directorate  of  Operations  has  been  subsumed  into  the  new  National  Clandestine  Service,  where 
counterintelligence  is  assigned  an  even  lower  standing  than  it  previously  enjoyed. 

■  The  Defense  Department  is  fighting  wars  in  Afghanistan  and  Iraq  and  against  terrorist  net¬ 
works  globally,  in  light  of  which  concerns  over  other  foreign  intelligence  threats  have  taken  on 
a  distinctly  secondary  role.  CIFA,  constituted  to  bring  policy  and  programmatic  coherence  to 
the  Department’s  Cl  efforts,  is  facing  a  merger  with  the  struggling  Defense  Security  Service, 
which  threatens  to  overwhelm  what  should  have  been  a  sleek  Cl  organization  with  the  voracious 
demands  of  DOD’s  security  responsibilities.  CIFA  has  also  found  itself  in  the  cross-hairs  of  public 
debate  over  domestic  surveillance,  which  has  led  to  substantial  misunderstanding  about  DOD’s 
activities  in  protecting  its  personnel  and  programs  domestically  against  foreign  terrorist  and 
intelligence  threats. 

■  In  addition,  the  office  of  the  NCIX,  which  was  left  vacant  for  most  of  2006,  was  downgraded  upon 
its  incorporation  into  the  Office  of  the  DNI.  Without  an  effective  NCIX  in  office,  clearly  empow¬ 
ered  by  the  DNI,  U.S.  counterintelligence  has  been  left  with  the  unmistakable  message  that  it  is 
business  as  usual. 

Fourth,  there  is  an  inherent  tension  between  the  work  of  HUMINT  collectors  and  the  work  of  coun¬ 
terintelligence  operations.  As  discussed  elsewhere,  intelligence  collection  values  above  all  the  informa¬ 
tion;  Cl  insists  on  acting  on  that  information,  which  introduces  new  risks.  For  example,  if  a  penetration 
within  a  foreign  government  were  used  as  a  Cl  agent  (for  example,  serving  as  a  channel  for  deception), 
that  Cl  operation  would  introduce  a  new  risk  of  compromising  the  asset,  to  the  detriment  of  the  collection 
effort.  Yet  the  very  same  organizations  that  are  responsible  for  HUMINT  are  also  being  asked  to  take  on 
expanded  Cl  operational  responsibilities. 

In  addition,  there  is  a  sense  in  which  foreign  intelligence  capabilities  are  not  regarded  as  “threats”  per 
se  by  some  of  our  intelligence  professionals,  which  may  seem  strange.  Indeed,  unlike  security  services  that 
target  U.S.  collection  operations  in  country,  the  external  intelligence  services  of  friends  and  adversaries 
(with  few  exceptions)  are  not  directed  against  U.S.  clandestine  collection,  and  (until  now)  no  one  has  been 
assigned  the  duty  of  targeting  those  services  to  degrade  their  operations.  There  is  a  sense  of  competition 
among  intelligence  services,  but  that  very  competition  is  more  likely  to  engender  a  certain  professional 
respect  than  a  perspective  that  regards  the  foreign  service  as  a  hostile  force.  The  clandestine  service  looks 
at  its  rivals  and  wants  to  learn  from  alternative  tradecraft.  Adding  to  this  not-quite-a-real-threat  attitude, 
espionage  as  a  generic  national  security  concern  has  been  dismissed  more  than  once  with  the  pseudo- 
sophisticated  pronouncement,  “There  will  always  be  spies.”  Such  a  tolerant  view  might  not  seem  unreason¬ 
able,  until  we  read  the  file  drawers  full  of  damage  assessments  cataloging  the  enormous  loss  in  lives,  trea¬ 
sure,  and  pivotal  secrets  occasioned  by  spies  and  other  foreign  intelligence  coups  against  us.  Their  content 
is  a  cold  awakening  to  what  is  at  stake. 

Fifth,  offensive  counterintelligence  in  particular  can  be  extremely  difficult  business,  what  the  clas¬ 
sic  monograph  A  Short  Course  in  the  Secret  War  deems  “an  intellectual  exercise  of  almost  mathematical 
complexity.”64  This  is  graduate-level  work,  and  few  are  trained  for  it  or  intellectually  prepared  for  the  task. 
Consider,  for  example,  the  practice  of  deception.  The  possibility  of  deception  is  an  ever-present  feature  in 
intelligence  work.  Alertness  to  deception  presumably  prompts  a  more  careful  and  systematic  review  of  the 
evidence.  But  anticipation  of  deception  also  leads  the  analyst  to  be  more  skeptical  of  all  of  the  evidence, 
and  to  the  extent  that  evidence  is  deemed  unreliable,  the  analyst’s  preconceptions  must  play  a  greater  role 
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in  determining  which  evidence  to  believe.  This  leads  to  a  paradox:  the  more  alert  we  are  to  deception,  the 
more  likely  we  are  to  be  deceived.65 

Scripting  a  successful  deception  effort  must  exploit  the  psychological  implications  of  the  oppos¬ 
ing  intelligence  service’s  awareness  of  the  practice.  Deception  planners  must  understand  its  paradoxical 
nature  as  well  as  the  many  other  intricate  aspects  that  make  up  the  psychology  of  deception  to  master  the 
demanding  nuances  of  the  craft.  (So  must  deception  analysts,  whose  job  it  is  to  protect  U.S.  intelligence 
from  foreign  manipulation.)  Little  wonder  that  a  community  already  stretched  thin  on  training  and  educa¬ 
tion  and  other  resources,  and  under  a  microscope  for  past  shortcomings  and  mistakes,  is  wary  about  the 
prospect  of  a  renewed  emphasis  on  high-risk  offensive  Cl  operations. 

Sixth,  there  is  a  cart-before-the-horse  problem  in  getting  the  U.S.  counterintelligence  community  to 
execute  the  strategic  Cl  mission: 

■  Without  collection  against  the  difficult  foreign  intelligence  targets,  there  can  be  no  strategic  Cl 
operations  to  degrade  them,  but 

■  the  Intelligence  Community  will  not  turn  its  resources  to  collect  against  the  foreign  intelligence 
threat  unless  Policy  (the  community  of  intelligence  consumers)  so  directs;  however, 

■  historically,  Cl  has  not  been  integrated  into  national  security  decisionmaking,  so  Policy  is  not 
acquainted  with  the  value  strategic  Cl  operational  options  can  supply;  yet, 

■  at  the  same  time,  national  security  leaders  have  positive  intelligence  requirements  in  other  areas, 
which  the  Intelligence  Community  must  support,  so  the  foreign  intelligence  target  gets  assigned  a 
lower  collection  priority  (thus  returning  to  the  first  point). 

To  break  this  impasse,  the  National  Counterintelligence  Strategy  directs  the  integration  of  Cl  infor¬ 
mation  and  operational  options  into  national  security  decisionmaking  in  order  to  educate  and  inform  both 
communities  about  threat  and  opportunity.  My  experience  with  Cl  support  to  policymakers  suggests  that 
it  is  a  supply-side  phenomenon,  which  is  to  say,  if  U.S.  counterintelligence  can  supply  useful  options  to 
Policy,  then  Policy  will  want  more.  It  is  just  a  matter  of  getting  started. 

Finally,  we  come  to  the  office  that  heads  U.S.  counterintelligence,  the  NCIX.  A  very  serious  problem 
underscored  by  the  WMD  Commission  report  is  that  the  Counterintelligence  Enhancement  Act,  while 
assigning  specific  duties  to  the  NCIX,  does  not  give  it  directive  authority  over  the  Cl  elements.  Nor  does 
it  impose  a  corresponding  duty  on  the  elements  of  the  Cl  community  (a  term  that  is  itself  undefined)66  to 
support  the  NCIX. 

To  fix  this  problem,  the  Director  of  National  Intelligence  could  delegate  his  directive  authority  over 
Cl  budget,  analysis,  collection,  and  other  operations  to  the  NCIX,  which  would  go  a  long  way  toward 
empowering  the  national  Cl  mission  with  the  authorities  and  resources  that  it  must  have  to  succeed. 
Instead,  the  DNI  established  substantive  deputies  to  oversee  administration,  analysis,  and  collection,  with 
authorities  and  responsibilities  assigned  by  broad  directives  within  which  Cl  is  treated  as  a  lesser  included 
whole.  Accordingly,  the  deputy  DNI  for  administration  is  responsible  for  the  Cl  budget,  the  deputy  for 
analysis  is  responsible  for  the  Cl  analytic  product,  and  the  deputy  for  collection  is  responsible  for  Cl  col¬ 
lection  priorities.  By  contrast,  the  preexisting  office  of  the  NCIX  was  regarded  less  as  an  organic  element  of 
the  DNI’s  office  than  an  appendage  with  only  such  authorities  as  directly  assigned  by  law.  As  a  result,  the 
Cl  community  is  answerable  to  several  entities  within  the  office  of  the  DNI,  while  to  date  the  DNI  has  del¬ 
egated  none  of  his  authorities  over  counterintelligence  to  the  NCIX.67  Without  a  strong  central  advocate, 
the  national  Cl  mission  has  been  put  on  hold. 

Prescriptions  for  U.S.  Policy 

It  has  been  said  that  the  trouble  with  doing  something  right  the  first  time  is  that  no  one  appreciates  how 
truly  difficult  it  is.  No  one  who  has  seriously  considered  the  question  of  how  to  bring  a  strategic  approach  to 
the  Nations  counterintelligence  enterprise  will  ever  lack  an  appreciation  for  the  difficulty  of  the  job: 

Our  [Cl]  forces  are  so  compartmented  that  they  do  not  register  their  aggregate  inability  to  deal  with  the 

world-wide  coordinated  enemy  attack.  .  .  .  Many  of  the  participants  in  our  effort  are  also  inhibited  by 
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concern  for  their  particular  pieces  of  the  counterintelligence  pie  in  any  radical  revision  of  our  strategy 

Only  a  recognition  of  present  shortcomings  can  provide  the  stimulus  for  a  new  effort.68 

This  statement  is  not  a  bad  assessment  of  today’s  Cl  challenge.  It  is  depressing,  however,  to  realize 
that  these  words  were  written  over  40  years  ago. 

The  history  of  U.S.  counterintelligence  suggests  that  fragmentation  and  lack  of  strategic  coherence 
will  always  be  the  norm.  Study  after  study  has  recognized  the  shortcomings  in  U.S.  counterintelligence, 
and  still  they  persist.  Why?  I  believe  what  is  holding  us  back  is  akin  to  what  historian  Robert  Conquest 
has  called  the  “dragons  of  expectation” — the  intellectual  prejudice  and  experience-driven  belief  that  legacy 
institutions  are  impervious  to  change  and  that  therefore  a  new  strategic  approach  to  counterintelligence 
will  fail.69  And  yet,  there  is  reason  for  optimism  that  those  dragons  may  meet  their  match. 

In  2005,  President  Bush  approved  the  National  Counterintelligence  Strategy  to  go  on  the  offense,  and 
the  Cl  components  are  responding.  Many  promising  initiatives  are  under  way.  The  creation  of  the  National 
Clandestine  Service  under  CIA  provides  the  vehicle  for  executing  the  national  Cl  mission  abroad,  filling  a 
void  that  has  handicapped  the  U.S.  Cl  architecture  from  its  inception.  The  creation  of  the  National  Secu¬ 
rity  Branch  at  the  FBI  should  enable  a  more  systematic  and  strategically  driven  approach  to  the  Bureau’s 
intelligence  mission,  including  its  Cl  work.  The  Defense  Department’s  strategic  Cl  orientation  has  been 
institutionalized  in  the  mission  of  CIFA  and  the  ongoing  work  on  Cl  campaign  plans  now  incorporated 
within  the  Department’s  deliberative  planning  process. 

The  office  of  the  NCIX  has  laid  the  foundations  for  executing  the  national  Cl  mission.  It  produced 
the  first-ever  National  Counterintelligence  Strategy  and  the  comprehensive  threat  assessment  upon  which 
it  is  based.  It  conducted  the  first  community-wide  Cl  budget  review,  to  baseline  Cl  programs  against  stra¬ 
tegic  objectives.  It  has  engaged  the  Cl  community  to  build  central  databases  on  select  foreign  intelligence 
services,  which  will  serve  to  support  strategic  analyses  and  operations  and  identify  collection  needs.  With 
the  support  of  the  Congress,  it  has  established  a  pilot  project  for  the  Cl  community  to  conduct  strategic 
operational  planning  in  a  joint  environment.  It  has  chartered  a  National  Cl  Institute  to  support  training 
and  education  across  the  community  and  to  develop  common  standards  for  professionalization.  And  it  has 
established  an  interagency  process  for  developing  the  implementation  plans  needed  to  execute  the  national 
Cl  strategy  and  to  evaluate  and  improve  community  performance. 

These  are  accomplishments  of  which  the  Cl  community  justly  can  be  proud — provided  they  are 
sustained  and  carried  forward.  But  these  accomplishments,  however  promising,  will  be  for  naught  unless 
three  imperatives — without  which  there  can  be  no  strategic  Cl  capability — are  achieved. 

First,  U.S.  counterintelligence  requires  a  single  leader,  with  both  the  responsibilities  and  the  authori¬ 
ties  needed  to  execute  that  job.  This  was  the  philosophy  behind  the  creation  of  the  NCIX,  which  has 
become  obscured  in  the  wake  of  the  creation  of  the  DNI.  Housing  the  NCIX  under  a  strong  DNI  should 
have  been  a  boon  to  the  national  Cl  mission;  instead,  the  DNI  bureaucracy  has  become  part  of  the  prob¬ 
lem.  As  the  WMD  Commission  recommended,  the  NCIX  office  should  be  revalidated  and  empowered  to 
perform  the  mission  it  has  been  assigned. 

Second,  there  should  be  a  national  program  for  Cl  activities  that  is  strategic,  coordinated,  and  com¬ 
prehensive  as  to  threat.  The  national  level  office  needs  to  have  full  cognizance  of  all  U.S.  Cl  activities,  along 
with  configuration  management  authorities  over  the  several  operating  arms  including  the  seminal  Cl 
resources  of  the  FBI.  Without  the  power  of  a  common  purse,  the  mission  of  integrating  U.S.  counterintel¬ 
ligence  to  achieve  strategic  cohesion  (much  less  fielding  the  new  capabilities  required  by  the  strategic  Cl 
mission)  may  well  be  impossible.  Unfortunately,  the  Cl  portion  of  the  restructured  National  Intelligence 
Program  (NIP)  includes  less  than  a  third  of  the  budget  and  programs  formerly  subject  to  central  control; 
fully  70  percent  was  moved  out  of  the  former  national  Cl  budget  and  into  Justice  and  Defense  Department 
budgets  or  different  NIP  accounts — a  debilitating  step  back  that  needs  to  be  reversed.70 

Third,  we  need  a  national  Cl  strategic  operations  center,  a  true  community  operation,  to  integrate 
and  orchestrate  the  disparate  operational  and  analytic  activities  across  the  Cl  community  to  strategic  effect. 
The  headquarters  staff  of  the  NCIX  can  lead  this  effort,  but  the  constituent  members  of  the  Cl  community 
must  man  it  and  make  it  work.  The  greatest  single  void  at  present  arises  from  the  compartmentation  of 
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information  such  that  no  single  entity  has  a  complete  picture  to  provide  warning  of  possible  foreign  intel¬ 
ligence  successes,  to  support  operations,  or  to  formulate  policy  options  for  the  President  and  his  national 
security  leaders.  In  the  wake  of  September  11,  this  incoherence  should  be  unacceptable. 

Countering  foreign  intelligence  threats  to  the  United  States  is  a  compelling  national  security  mission, 
much  neglected  in  theory  and  practice.  It  is  an  accident  of  history  that  the  architecture  of  U.S.  counterin¬ 
telligence  has  been  fragmented  and  leaderless,  and  scores  of  damaging  compromises  and  missed  opportu¬ 
nities  have  been  the  result.  This  flawed  approach  has  endured  because  of  inattention  from  national  security 
theorists  and  decisionmakers  alike.  The  time  has  come  for  that  to  change. 
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35  Office  of  the  National  Counterintelligence  Executive,  The  National  Counterintelligence  Strategy  of  the  United  States  (Washington,  DC: 
NCIX  Publication  No.  2005-10007,  March  2005). 
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34 


SCHOOL  FOR  NATIONAL  SECURITY  EXECUTIVE  EDUCATION 


national  security  context  in  which  they  arise  (that  is,  threat  priorities  do  not  directly  correlate  to  foreign  intelligence  capability  alone  but  must  be 
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38  Michael  Sulick,  “A1  Qaeda  answers  CIA’s  hiring  call,”  The  Los  Angeles  Times,  July  10,  2005. 
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vention  Act  of  2004,  P.L.  108  458,  December  17,  2004  (50  USC  401),  which  created  the  DNI. 
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tial  appointment.  His  tenure  was  cut  short  by  the  events  of  September  2001,  shortly  after  which  he  was  recalled  to  FBI  headquarters.  The  position 
of  NCIX  stood  vacant  until  August  2003. 
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